Top 5 technologies/trends that every IT professional should be thinking about with respect to e-mail

1. Anti-spam filtering can no longer be considered a reliable tool for protecting your e-mail infrastructure and/or your users from the many threats that use e-mail as their primary insertion vector. Smart IT professionals have come to realize it is impossible to determine intent from content. As we move into the 2nd decade of the 21st century, security on the Internet in general, and for e-mail specifically, must become personalized. We can no longer afford to count on the ability, or lack thereof, of a filter to guess what is good/safe and what is not. The next era for e-mail security will be ruled by systems that provide and promote Sender Address Verification and Authentication.
2. Domain forgery must be stopped; and we have the tools at our disposal to make this happen. The time has come, once and for all, for IT professionals to embrace and deploy BOTH Sender Policy Framework (SPF — www.openspf.org) and Domain Keys Identified Mail (DKIM — www.dkim.org).
3. While its true that “cloud computing” is well on its way to becoming the “2009 Buzzword of the Year,” the time has come for IT professionals to seriously consider moving the major security components of their e-mail infrastructure onto their own private islands within the greater computing cloud. Processes like anti-spam, anti-virus, anti-threat, compliance, data leakage prevention, and managed file transfer can be addressed more effectively and more efficiently before any data ever reaches the threshold of your private network.
4. In a difficult economy like we have today, e-mail is a more important tool than ever. E-mail is the ultimate asynchronous communication tool and is critical as a cost effective means for individuals to communicate over long (and short) distances. In both the medium and long terms, IT professionals must continue to strengthen their e-mail infrastructures. Now is not the time for cost cutting with respect to e-mail.
5. Early this month Google announced their newest project: Wave (wave.google.com/help/wave/about.html). While it is too early to tell if this new project/protocol will have any real impact in the near term, looking forward 18 – 36 months, this is something upon which IT professionals should keep close watch. If Google is even remotely successfully, and who would bet against Google, this new and open protocol has the potential to completely change the way people communicate on the Internet through the merging of e-mail, instant messaging (IM), and real-time collaboration.

Phishing, with a side of Swine Flu

I just read the following on the MSNBC web site:
(http://tinyurl.com/msnbc-phishing-swine-flu)

Phishing with Swine Flu as bait

Phishers and spammers have caught Swine Flu fever and are exploiting fears around the outbreak to try to sell pharmaceutical products or steal information, security experts said Tuesday.

The e-mail scams have a subject line related to the Swine Flu and typically contain either a link to a phishing Web site or an attachment that contains malicious code, the US-CERT said in an advisory. (Read More…)

Stuff like this reminds me how evil some people can be, and how ubiquitous email has become. Let’s be clear, these types of attacks always happen through email. Not through websites. Not through your fax machine. Not via instant messaging (IM), or SMS. These attacks don’t reach you via your cell phone, and these attacks don’t arrive via FedEx or UPS. Its ALWAYS via email.

For the last decade companies like Microsoft, Cisco, Symantec, Google, McAfee, Trend Micro, Sonic Wall, Barracuda Networks, etc. have made (and spent) billions of dollars trying to convince us they know what they are doing when it comes to the security of our email. How much longer, and how many more exploits like this one, is it going to take before people realize that email, the original social networking application, deserves to be secured the same way Facebook, Twitter, LinkedIn, AIM, and Plaxo are secured?

Isn’t it time, once and for all, for authenticated email to take the main stage? What is everyone so afraid of? Threat free email is available, today, and is currently in use by millions of people and thousands of companies around the world.

It is time to stop the insanity. Continuing to do what you’ve always done (filtering your email) will always yield the mediocre results you are seeing today.

Google: Spammers Rally Back From McColo Shutdown

Google: Spammers Rally Back From McColo Shutdown

http://www.eweek.com/c/a/Security/Google-Spammers-Rally-Back-From-McColo-Shutdown-639980/

“Location-based spam is the latest technique being used by ‘bad guys’ to increase the likelihood that an unsuspecting victim will not only read their message, but will actually click one of the links in the message,” explained Tal Golan, CTO of e-mail security firm Sendio. “This new methodology is the next salvo in the spam arms race, but is really just an extension of the ‘social engineering’ threat vector that has become so popular and effective in the last three years.”