Pop quiz: E-mail security

Find out how much you know about securing your organization's e-mail.

It's time for a pop quiz to test your knowledge of e-mail security! If you graduated from our E-mail Security School, see how much knowledge you retained. If not, here's your chance to see if summer school is in order. For each question you'll find links to the corresponding Security School learning materials so you can quickly freshen up on weak areas.

1.) What "layer" of an e-mail message should you consider when evaluating e-mail security?
c. Body
d. All of the above

How'd you score?

9-10 correct: You're an expert! Recommend E-mail Security School to a colleague and answer their questions during the course. By helping someone else learn, you reinforce your own knowledge.

7-8 correct: Freshen up on weak areas by focusing on specific lessons.

Lesson 1: E-mail Security Essentials

Lesson 2: Spam and Virus Mitigtation Strategies

Lesson 3: E-mail Policy Control

Less than 7 correct: The best place to start is at the beginning. Begin E-mail Security School on your next lunch break or print the technical articles to read on your commute home.

2.) Why isn't S/MIME the perfect solution to e-mail security?
a. It provides authentication and privacy, but not integrity checking.
b. It provides authentication and integrity checking, but not privacy.
c. It has scalability problems.
d. What are you talking about? It is the perfect solution.

3.) What is a spam cocktail?
a. An ISP that allows the distribution of spam.
b. A piece of spam sent to multiple recipients within the same organization.
c. A deluge of spam mixed with legitimate e-mail in a user's inbox.
d. A combination of techniques used to identify spam.

4.) In what order should you digitally sign and inject a footer into an e-mail message?
a. First inject the footer, then digitally sign.
b. First digitally sign, then inject the footer.
c. It doesn't matter.
d. You can't do both, period.

5.) What are the two most common errors associated with keyword searching across e-mail messages?
a. Ignoring the subject line
b. Ignoring case significance
c. Improper word stemming
d. Ignoring alphanumeric characters

6.) When considering antispam products, which of the following should you look for?
a. A 100% false-negative rate
b. A high false-negative rate
c. A 0% false-positive rate
d. A low false-positive rate

7.) When might a virus scanner not know whether or not a message has a virus?
a. If the message is encrypted
b. If the archive is protected
c. If the message causes the scanner to crash
d. All of the above

Time is running out!
Nominate yourself or your peers for SearchSecurity.com's Security Seven AwardsSubmit yours today.

8.) Why wouldn't you want to simply delete a message for an invalid recipient?
a. It might be spam.
b. It might be a virus, and you should let the sender know.
c. The sender may have misspelled the recipient's e-mail address.
d. None of the above

9.) What happens if you digitally sign and inject a footer on a message in the wrong order?
a. Nothing.
b. The message won't be sent.
c. The footer will invalidate the signature.
d. The footer will be illegible.

10.) When is it better to run antispam on an e-mail client, as opposed to the external MTA?
a. When users prefer to have control.
b. When you want maximum performance from a product.
c. When you want a direct connection between the antispam product and the spammer.
d. When you want the product to collect the real IP address of the sender.

This was last published in July 2005

Dig Deeper on Email and Messaging Threats-Information Security Threats