Jump to content

Doubts on Enterprise Email Security


Recommended Posts

HI,

Glad to be here and here's my first post, which are just some doubts I have about "stuff" I do and deal with at work. Apologies if they're too nooobiee.. just trying to "think out loud here".

Firstly I fail to understand why are enterprises not buying email services like "google for work" with their personalized domain name instead of setting up the whole thing by themselves. I do understand many do but the big ones seem to be shy of it, are there really risks involved with downtime, data loss etc?

Wouldn't gmail's spam filtering etc be better and effective?

Coming to my SPAM doubts, why can't the ISPs just themselves block emails from the blacklisted IPs instead of letting them reach all the way to the intended recipient and then expecting the spam filtering there to do the same thing? And talking about the major email filtering solutions how come they miss out obvious spam, I get that nothing is 100% but i am talking about obvious spam here.

To share one incident, lets say that the email spam control solution can't see the incoming SMTP connection IP, and hence can't match the incoming IP against the blac lists in this case, but even then the real blacklisted IP which is the real email source still present in the email header, can't the email gateway read it from there?

That's all is coming to me now ..cheers.

Link to comment
Share on other sites

This isn't so much a "they can't" but more a "they won't" or, more specifically, "they chose not to".

A business can do Google for Work, but it comes at a cost and if they either found a different provider for it or they have the required expertise in-house to provide a service themselves which is good enough (comparable to eachother on the points that matter to the *business*, as opposed to something you might prefer) at a lower price-point, it's in the interest of the business to go with that cheaper option.

So yeah, gmail's spam filtering might be better and/or effective, but the business chose to not care about that simply because they don't see dealing with the expected level of spam as a significant cost to the business, relative to the cost of going with Google For Work.

An ISP, for sure, can block whatever you want. But this is now a policy issue - the ISP probably says it's not up to them to determine if something is spam or not. Who knows, you might actually WANT to purchase pill-formed sugar cubes, thinking that this would increase your penis size, even though you're female. Sounds silly, I know, but the point is that the ISP considers this YOUR problem. *Their* problem is getting the communications reliably to you.

Finally, unless you control the server that added the specific header to the mail, DO NOT trust whatever's in there. It's just text, and don't you ever forget it.

Link to comment
Share on other sites

A lot of universities have moved away from having their own servers, which is understandable from a cost stand point and email servers get attacked a hell of a lot. As for companies, well any non US company would be insane to have anything confidential in the US, as they are likely to pass it (willingly or not) to the US government, who then pass it onto American competitors. This is widely known to have happened  with Airbus a European company and Boeing as US company. You can't blame the US for doing this, its protecting jobs and what is good for them, which is what governments are meant to do, but you can't trust US services if you aren't American, the same could be said for a lot of other countries. 

Link to comment
Share on other sites

On 6/15/2016 at 9:02 PM, metatron said:

A lot of universities have moved away from having their own servers, which is understandable from a cost stand point and email servers get attacked a hell of a lot. As for companies, well any non US company would be insane to have anything confidential in the US, as they are likely to pass it (willingly or not) to the US government, who then pass it onto American competitors. This is widely known to have happened  with Airbus a European company and Boeing as US company. You can't blame the US for doing this, its protecting jobs and what is good for them, which is what governments are meant to do, but you can't trust US services if you aren't American, the same could be said for a lot of other countries. 

I don't know how much I would believe this. And given the by default anti-capitalism/anti-US nature of hacker groups/hackers this just sounds like coming from that position.

Having said that I think it's more agreeable the cost problem is the real reason companies dont take this route.

But then to go a little deeper there, I see that companies end up buying email gateways, smtp services from third party anyway and the pay the managed service providers on top of it for the "support". To share an incident I see that these vendors/managed service providers, even the best of them give you an annual support contract for $6k and every time you call them for something they play the call operator, open a case for you with the TAC and take you on the conference call. lol .

I am talking from an india experience here, Is this how things are done in the western countries too?

Link to comment
Share on other sites

On 6/15/2016 at 8:33 PM, cooper said:

Finally, unless you control the server that added the specific header to the mail, DO NOT trust whatever's in there. It's just text, and don't you ever forget it.

 

email gateways use smtp connection IP how do they do that if the headers can be spoofed easily. .i am not even sure yet what does the smtp connection ip mean.

Link to comment
Share on other sites

If you look at the headers of any email you've received, you'll find that there's a whole batch of SMTP gateway servers that chose(!) to add a line to the header.

There's NOTHING preventing a gateway from stripping some of those headers and/or adding a few extra more based on random data.

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...