Preventing unauthorized email issues from hindering an organization

In this expert response, find out how to prevent your organization from sending out unauthorized emails.

Nick Lewis

A recent prediction from Symantec Corp. said, "As the economy continues to suffer and more people seek to take advantage of the loose restrictions of the CAN-SPAM Act, we'll see more organizations selling unauthorized email address lists and more less-than-legitimate marketers spamming those lists." Under what circumstances could your organization do this legitimately, and what can you do to make sure this doesn't happen?

This question is as much about ethics as it is about the information security threats posed by sending out legitimate commercial emails. Commercial, unauthorized email has its place on the Internet, but you must protect your organization from crossing the line and becoming a spammer.

Organizations can buy a legitimate commercial email list in several ways. Infosec pros should develop relationships with marketing departments, and integrate themselves into their projects. This doesn't mean constant communication about all of the details, but if there is a question of technology use, the IT department should take action to ensure the information security risk is minimized for the organization. This could mean explaining to the marketing department that using the list they bought on the black market could have negative repercussions, such as reputation loss or being put on spammer blacklists. Companies can also buy or rent a list through legal means, or get access to addresses by sponsoring an event like a seminar or conference and making it clear the participants' contact information is going to be used for marketing purposes related to the event.

Make sure the marketing department is only purchasing lists from legitimate businesses, and scrutinize the terms and conditions under which the email addresses were collected. Then, be sure to honor the original terms and conditions when sending commercial email to the list.

This was last published in May 2010

Dig Deeper on Email and Messaging Threats-Information Security Threats

email spam Email spam, or junk email, is unsolicited bulk messages sent through email with commercial, fraudulent or malicious intent.

Most antispam technologies get failing grade An independent study finds that many enterprises are not satisfied with traditional antispam technologies.

Learn IT: How Spam Affects Email Marketing Campaigns 1. What's the difference between spam and legitimate email marketing? Spam is unsolicited bulk email (UBE).

Can Spam Act of 2003 The Can Spam Act of 2003 is a commonly used name for the United States Federal law more formally known as S. 877 or the "Controlling the Assault of Non-Solicited Pornography and Marketing Act of 2003." The law took effect on January 1, 2004. The Can Spam Act allows courts to set damages of up to $2 million when spammers break the law.

Combating image-based spam Spammers are a sneaky lot, and their latest innovation, image-based spam, presents yet another security and management concern for SMBs. This tip explains the dangers of image-based spam and what you can do to combat it.

Related Q&A from Nick Lewis

What are the benefits and challenges of cloud penetration testing?

Cloud penetration testing presents new challenges for information security teams. Here's how a playbook from the Cloud Security Alliance can help ... Continue Reading

How can companies prevent and respond to island hopping attacks?

Island hopping attacks create enterprise risk by threatening their business affiliates. Here's how to create an incident response plan to mitigate ... Continue Reading

What are the best criteria to use to evaluate cloud service providers?

Many cloud providers are tight-lipped about internal security control details. Learn how to evaluate cloud security providers with certifications and... Continue Reading

Have a question for an expert?

Please add a title for your question

Get answers from a TechTarget expert on whatever's puzzling you.

Meet all of our Information Security experts

View all Information Security questions and answers

SearchCloudSecurity

How to implement zero-trust cloud security

The nature of cloud environments and workloads is changing. Security team approaches must evolve in response. Learn how to ...

AWS Access Analyzer aims to limit S3 bucket exposures

Amazon Web Services introduced the Access Analyzer tool at its re:Invent event. The new option aims to help users avoid ...

How to evaluate CASB tools for multi-cloud deployments

When it comes to evaluating CASB tools, it's essential to be an informed customer. Identify your organization's usage and ...

SearchNetworking

4 SD-WAN vendors integrate with AWS Transit Gateway

Aruba, Cisco, Citrix and Silver Peak are among the first SD-WAN vendors to integrate their products with the AWS Transit Gateway.

Assess the Wi-Fi 6 features available in Wave 1 and Wave 2

Catch up on the different features available with the first wave of Wi-Fi 6, including OFDMA and Target Wake Time, and find out ...

3 networking startups rearchitect routing

Networking startups Arrcus, DriveNets and Volta Networks help service providers redefine routing in the data center and at the ...

SearchCIO

Shell, Halliburton, Unibap AB execs share real-world AI strategies

Technology advances like quantum computing mean AI's best years are still to come, but that doesn't mean companies aren't already...

What's the difference between RPA and IPA?

To prepare for robotic process automation combined with the more sophisticated intelligent process automation, CIOs first need to...

The technological evolution of IT industry leaders: 2000 - 2020

As technology has shifted since 2000, so have IT leaders. This guide looks at how Oracle, Cisco, Dell and SAP have adapted to ...

SearchEnterpriseDesktop

Microsoft extends Office 365 benefit to nonprofit volunteers

Thursday's announcement extends the company's September offering of 10 free Microsoft 365 Business licenses for nonprofits' ...

Cut through confusion of the digital workspace market

What is a digital workspace, exactly? Find out the definition of this new technology, what it means for the future of end-user ...

Windows 10 issues top list of most read stories for IT pros

IT pros seemed focused on the latest Microsoft OS, based on our most read stories for 2019. That may not come as a surprise, ...

SearchCloudComputing

Review these Azure Service Bus best practices

When applications talk, you need to listen. Learn about Microsoft's cloud messaging service, its main features, best practices to...

Instill cloud change management best practices

Automation is essential to change management in the cloud. Discover the best practices that ensure your IT team is in sync and ...

How much cloud does an IT disaster recovery plan need?

It's not easy to get the right mix of traditional and cloud-based DR resources. Here's how to strike a balance between what's ...

ComputerWeekly.com

FCO to boost cloud analysis setup

A new procurement process has been launched to bring in new features such as geospatial analysis

Tories plan electronic visa waiver for EU citizens

Pledge introduces the idea of electronic travel authorisation as part of plans to protect the UK border after Brexit

Dutch government must sort IT mess as priority

Dutch government lacks the knowledge and skills for its own IT strategy, according to scathing report

Preventing unauthorized email issues from hindering an organization

In this expert response, find out how to prevent your organization from sending out unauthorized emails.

Dig Deeper on Email and Messaging Threats-Information Security Threats

Related Q&A from Nick Lewis

What are the benefits and challenges of cloud penetration testing?

How can companies prevent and respond to island hopping attacks?

What are the best criteria to use to evaluate cloud service providers?

Have a question for an expert?

Start the conversation

0 comments

Please create a username to comment.

-ADS BY GOOGLE

SearchCloudSecurity

How to implement zero-trust cloud security

AWS Access Analyzer aims to limit S3 bucket exposures

How to evaluate CASB tools for multi-cloud deployments

SearchNetworking

4 SD-WAN vendors integrate with AWS Transit Gateway

Assess the Wi-Fi 6 features available in Wave 1 and Wave 2

3 networking startups rearchitect routing

SearchCIO

Shell, Halliburton, Unibap AB execs share real-world AI strategies

What's the difference between RPA and IPA?

The technological evolution of IT industry leaders: 2000 - 2020

SearchEnterpriseDesktop

Microsoft extends Office 365 benefit to nonprofit volunteers

Cut through confusion of the digital workspace market

Windows 10 issues top list of most read stories for IT pros

SearchCloudComputing

Review these Azure Service Bus best practices

Instill cloud change management best practices

How much cloud does an IT disaster recovery plan need?

ComputerWeekly.com

FCO to boost cloud analysis setup

Tories plan electronic visa waiver for EU citizens

Dutch government must sort IT mess as priority

Dig Deeper on Email and Messaging Threats-Information Security Threats

Related Q&A from Nick Lewis

Have a question for an expert?

Start the conversation

0 comments

Register

Login

Forgot your password?

Your password has been sent to:

Please create a username to comment.