On Jun 9, 2014, at 11:34 AM, Murray S. Kucherawy via dmarc-discuss <dmarc-discuss@dmarc.org> wrote:
> On Mon, Jun 9, 2014 at 10:49 AM, Larry Finch <finc...@portadmiral.org> wrote:
>> User education (if that is possible) is the best defense.
>
> I seem to recall a presentation some years ago that discovered over 18% of
> users go through their spam folders and fall for phishes found in there, on
> the basis that the spam filtering might cause them to miss something
> important.

Of course they do, because that's exactly what we've trained them to do! "You didn't get the email? Check your spam folder."

> It's interesting, but also sad for email, that Kaiser (and perhaps others)
> has decided this problem is intractable.

Anyone who is subject to HIPAA regulations is *required* to up their security game or face some pretty serious financial penalties. For example, sending email with any Personal Health Information to any of the freemail providers is an absolute no-no.

> Now, when my doctor sends me a message, I get an email asking me to go to
> their web site to retrieve the message. It's a bit annoying to have to log
> in to a web site to read a single message, but we're guaranteed mutual
> authentication and message security that way.

At least that way, you're guaranteed that gmail isn't archiving your health stats and showing you ads for "alternative" medications instead of your prescriptions.

It's not just health care, other regulated industries have been forced to curtail their use of email because of the lack of security.

Matt

_______________________________________________
dmarc-discuss mailing list
dmarc-discuss@dmarc.org
http://www.dmarc.org/mailman/listinfo/dmarc-discuss

NOTE: Participating in this list means you agree to the DMARC Note Well terms (http://www.dmarc.org/note_well.html)