WEB SECURITY ADVISOR
SMTP policies help reduce the risk of unauthorized mail servers
Al Berg
09.21.2005
Rating: --- (out of 5)
|
SMTP, or the Simple Mail Transport Protocol, is the basic foundation of Internet e-mail. Each day, billions of messages are sent over the Internet using SMTP, enabling global communications and commerce. However, like many other tools, SMTP can have a dark side. Policies determining how and where SMTP can be used on networks can make the difference between efficient communication and a security nightmare.
The main problem with SMTP is that, as its name implies, it is simple. It's easy to install an SMTP server on a server or workstation, and start sending and receiving e-mail. While this does not sound like a security problem, think about these possibilities:
None of these scenarios are pretty, but they are pretty easy to prevent. An organizational SMTP policy and some teeth to back it up can greatly reduce the risks from unauthorized mail servers.
The fight against open SMTP proxies is one where consumer ISPs are out in front
To continue reading for free, register below or login
To read more you must become a member of SearchSecurity.com
of us corporate types. Most providers routinely prevent subscribers from sending or receiving SMTP traffic via servers other than the "official" ones that they provide. While this has obviously not stopped the deluge of spam and malware that clogs the Internet, it has helped to keep the problem under some semblance of control. Corporate policies preventing unregulated SMTP traffic help keep the Internet a useful communications tool and help prevent your organization from running afoul of regulators, other Internet users and customers.
About the author
Al Berg, CISSP, CISM is the Director of Information Security for Liquidnet (www.liquidnet.com). Liquidnet is the leading electronic venue for institutional block equities trading. According to INC. magazine in 2004, Liquidnet was the fastest growing privately held financial services company in the US and the 4th fastest growing privately held company in the US across all industries.
|
|
Rate this Tip
|
To rate tips, you must be a member of SearchSecurity.com.
Register now
to start rating these tips. Log in if you are already a member.
|
DISCLAIMER: Our Tips Exchange is a forum for you to share technical advice and expertise with your peers and to learn from other enterprise IT professionals. TechTarget provides the infrastructure to facilitate this sharing of information. However, we cannot guarantee the accuracy or validity of the material submitted. You agree that your use of the Ask The Expert services and your reliance on any questions, answers, information or other materials received through this Web site is at your own risk.
|
|
|
|
|
|
|
