Full Disclosure mailing list archives
Re: Email
From: Damian Gerow <damian () sentex net>
Date: Wed, 4 Feb 2004 10:20:10 -0500
(Re-formatted for clarity. Please look into line wrapping.) Thus spake Jos Osborne (Jos () meltemi co uk) [04/02/04 10:13]:
Most ISP's wouldn't touch the concept of being responsible for their client's e-mail security with a 10' barge pole. Apart from the obvious technical issues - they'd need an AV scanner to check the mail that would have to be capable of dealing with serious volumes - there are also issues of liability if anything doesn't work (I'm thinking along the lines of the medical court cases that have come up where doctors have been sued for not using the most advanced equipment that existed regardless of whether they actually had that equipment available at the time).
Actually, most ISP's need to offer some sort of AV/Spam scanning these days if they want to remain in business. Think 'value-add services'. There are many software packages that can handle large volumes of mail. And if one server can't do it, there's a reason Round Robin RRs exist. That's not to say that they're responsible for their client's e-mail security, rather, they're offering a service to keep their client's e-mail free of viruses. So long as they follow due diligence -- update defs frequently, don't run massively outdated software, try to set the system up to be difficult to circumvent -- there's little to worry about.
Add to this privacy issues - they have to open up the e-mail to scan it - and you end up with a fairly horrible problem.
Yeah, if you have a crack team of virus analyzing monkeys sitting in the back, opening up and manually checking every single piece of mail coming through your network, you might have some privacy -- and load -- problems. But then again, you might have bigger problems. - Damian _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- Email D B (Feb 04)