One aspect of these services is the ease with which a typical end user can
set up a Hotmail account to impersonate someone else.
For example, one could set up a hotmail account, then change the display
name and email address to match the president of your company. He could then
impersonate your president... sending offending messages to customers,
firing senior managers, giving you a raise. (I didn't say it was ALL bad).
In the "olden" days, this kind of e-mail spoofing was more difficult because
you had to be able to type. Now Microsoft and company has made it fairly
easy for the average user with revenge on his mind.
Dan
-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
Most web based mail services now do a virus scan before accepting email.
Hotmail
does. Perhaps a policy of only allowing web based email from services that
do
virus/Trojan scan on mail. You are not stopping web mail but are pointing
out the security implications. All you need to do is have a list of
acceptable services.
I'm in the process of updating our Internet acceptable use policy in
anticipation of the new FDIC privacy regulations. I'm trying to decide what
to do about web base mail (Hotmail et al.). Web based mail is a way for
viruses and Trojans to get in.
I could:
Ignore it
Try to block it - (kinda like being a bilge pump on the Titanic).
Set a policy banning it. It's never a good idea to set a policy that will
be unpopular AND unenforceable.
Try to regulate it by policy. Less unpopular, but still unenforceable.
What are other people doing?
Ken Butler
Liberty Bank
-
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
