IT-Analysis.com
IT-Analysis.com Logo
Enterprise SME Business Issues Technology Services Channels
Top Level padlock  Members Area | Registration 
Archive  | Papers  | Research  | Events  | Newswire  | Blogs  Contact IT-Analysis.com 
Module Header
Simon HollowayRFID Scanlines
Simon Holloway
28th August - US DOD issue an RFP for Active RFID
Angela AshendenMWD
Angela Ashenden
27th August - Cisco strengthens collaboration portfolio
David TebbuttTeblog
David Tebbutt
27th August - BCS to help data centre decision making
Tony LockFreeform Comment
Tony Lock
24th August - Time To Take the Tablet - Vista's unsung platform
David TebbuttTeblog
David Tebbutt
20th August - Putting email in its place
Dale VileKeeping IT Grounded
Dale Vile
20th August - iPhone: First impressions of a BlackBerry user
Module Header
Q. How would you describe your email use?
 
  • addtomyyahoo4
  • Subscribe in NewsGator Online
  • Add to My AOL
  • Subscribe with Bloglines
  • Add to netvibes
  • Add to Google
Blogs > Freeform Comment
Anti-Spam: When the cop becomes the thief
Jon Collins By: Jon Collins, Service Director, Freeform Dynamics
Published: 20th September 2007
Copyright Freeform Dynamics © 2007
 Logo for Freeform Dynamics

In IT security, we do hear the occasional story of where a bad guy has come over to the good side and started, for example to help companies protect themselves from hack attacks. There's a parallel to this in software, when for example a program which may once have had dodgy connotations becomes something that everyone can use—peer to peer for example, in its Groove guise.

With spam checking however, things seem to be going the other way. Sure, don't get me wrong—I'm delighted that protections exist, lest I be inundated with irrelevant messages (I have all the performance-enhancing drugs I need, thank you). But—and increasingly—spam checkers seem to be stopping the good stuff, sometimes with quite unfortunate results.

I've long been reciting the mantra security equals productivity. In general, many issues are such because they might somehow prevent us from working, or may cause us unnecessary pain fixing problems. The counter, for example, is that there's no point in taking the sales guy's PDA away because of potential security issues, if that causes a significant reduction in sales. Risk management theory says we need to balance the potential risks (loss, theft) and their consequences (data leakage, fraud leading indirectly to loss of business) with the issues caused by the countermeasures (direct loss of business). All makes sense.

Enter anti-spam. Trouble is, the standard set of behaviours associated with email tends to assume that if a message doesn't bounce, it will have got through. Over the past few weeks I have sent messages which (it transpires) never arrived, some of which could have led to embarrassing apologies if a colleague hadn't spotted the issue in time. Similarly, I've found messages from clients in my spam box—or should I say spotted given the ton of other messages in there. There may be somebody right now waiting for an email which I have already sent, but which will never appear, and both sender and receiver will be none the wiser.

I don't know what the answer is, but the unfortunate truth is that the email mechanisms we have accepted are in fact woefully inadequate—and I'm not just saying that as an ex-X.400 trainer. Technologically, it would be quite straightforward to implement whitelisting mechanisms in which named correspondents are given priority, indeed I'm surprised there isn't a Facebook plugin already. Non-repudiation via encryption is also old technology, built into the majority of mail clients and sitting there idle. I wonder whether there will be an event that will force us to change our habits, but for now we'll just have to make do—and cope with the consequences.

Reader Comments

We are no longer accepting comments against this item. We suggest contacting the author directly.

21st September 2007: 'thickmike' said:

The whitelisting spproach seems really sensible and for me, as an e-mail hoarder, what I need is a tool to go through all my e-mail directories and create a whitelist for me. I can live with the task of adding new names to it. I also need to be able to add generic sites e.g. anyone@itdirector.com for my trusted partners. Just as it seems to me that whitelisting instead of antivrus is the only sensible approach to managing what runs on my system, so whitelisting e-mail contacts also seems to be the best approach. Is there such a tool out there? And am I kidding myself that I could manage to maintain it?

Reply to thickmike?

24th September 2007: 'David Tebbutt' said:

While I can't do anything about mails that really don't arrive, I use Firetrust's MailWasher Pro to pick up my mail for me and mark it according to my whitelist, blacklist, filters and its own spam detection mechanism.

You can let rip and allow the software to delete all suspect emails. But it's safer to scan the list, clicking and unclicking as you go. This is made easier by colour coding.

You can, optionally, subscribe to a community database built by investigating new reported spam. That takes just a click in a box when you find new spam.

Reply to David Tebbutt?
Advertisement


Analysts
Bloor Research Freeform Dynamics Hurwitz & Associates Hydrasight Macehiter Ward-Dutton Quocirca Sageza Group, Inc. The Information Difference
Amplitude Research, Inc. Applied Computer Research, Inc. Callio Technologies Computer Economics CoreBrand Cranfield School of Management DMC Valuations Group eMarketer
About The Website | Advertising | Contact | Site Map | Terms of Use | Privacy | Accessibility
Copyright © IT Analysis Communications Ltd., unless stated otherwise		 Tel: +44 (0)203 051 5760
Fax: +44 (0)870 345 9922

Published by: IT Analysis Communications Ltd.
T: +44 (0)203 051 5760 | F: +44 (0)870 345 9922
Email: