Re: Screening Outgoing Mail for Content

["Perry E. Metzger" <perry () piermont com>]

"Bruce B. Platt" writes:
> Nevertheless, I can conceive using a perl script as part of a mail proxy to
> do this job on the message text, 
> but other than using something like Inso's Outside In, I am at a loss as to
> how to how to suggest screening 
> the contents of compound documents like a spreadsheet, a word processing
> document, or a .pdf file, as examples.

The screening problem is "AI complete". That is, it requires full AI
to detect sufficiently evil violators -- if even that would work.

You may think that your users are too stupid to manage to smuggle
things out via email that you can't detect. You are wrong. Users smart 
enough to use a scanner can send out GIF's of sensitive documents
without you being able to detect it via automation.

If the user is sophisticated, forget having even hand screening
work. If hand screening won't work, what will?

I have been asked at several firms to implement "blocking" software. I 
have sometimes noted to the requestor that no one was physically
searched on leaving the building, and that anyone wanting to remove
valuable information from the firm could just xerox it and walk out
the door with it.

Note that logging software is sometimes regrettable but
necessary. "Blocking", though, at the very least cannot be made
perfect, or even particularly good, against determined violators.

Perry