  1. #1
    Master Untangler f1assistance's Avatar
    Join Date
    Apr 2009
    Location
    Holly Springs, NC
    Posts
    443

    The only safe email is text-only email

    Problem solved! :-J

    "As technologists, we have long since come to terms with the fact that some technology is just a bad idea, even if it looks exciting. Society needs to do the same. Security-conscious users must demand that their email providers offer a plain-text option. Unfortunately, such options are few and far between, but they are a key to stemming the webmail insecurity epidemic."
    https://theconversation.com/the-only...ly-email-81434
    Untangle...because nothing's worse than doing nothing!
    -------
    2, Pentium (R) Dual-Core CPU E5300 @ 2.60GHz 2599.968, 2089.96MB RAM

  2. #2
    Master Untangler
    Join Date
    May 2010
    Posts
    436

    Why do you think my default email type when writing email in Outlook is "plain text"?

  3. #3
    Untangler
    Join Date
    Mar 2017
    Posts
    64

    Well, this could be a nice Untangle app to put in front of our MTAs. Strip all HTML and scripting and convert only the text portions to a plain text mime type.

    A more complex one could try to sanitize the mail content (since I'm not using SPAM and Phish blocker I don't know if this is already done in any way) - e.g. ScoutIQ could help in filtering obvious malicious URLs embedded in links.
    Last edited by docfuz; 09-12-2017 at 06:19 AM.
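
The conversion proposed in post #3, as an added example (not part of the thread and not Untangle code): it rebuilds a message as a single text/plain part using only the Python standard library. The names `TextOnly`, `to_plain_text` and `SAMPLE` are hypothetical, attachments are dropped, and each link's real target is printed next to its label.

```python
import email
from email import policy
from email.message import EmailMessage
from html.parser import HTMLParser

class TextOnly(HTMLParser):  # keeps visible text, drops script/style bodies
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out, self.skip, self.href = [], 0, None
    def handle_starttag(self, tag, attrs):
        if tag in ("script", "style"):
            self.skip += 1
        elif tag == "a":
            self.href = dict(attrs).get("href")
        elif tag in ("br", "p", "div"):
            self.out.append("\n")
    def handle_endtag(self, tag):
        if tag in ("script", "style") and self.skip:
            self.skip -= 1
        elif tag == "a" and self.href:
            self.out.append(f" <{self.href}>")  # label and target side by side
            self.href = None
    def handle_data(self, data):
        if not self.skip:
            self.out.append(data)

def to_plain_text(raw: bytes) -> EmailMessage:
    """Rebuild a message as one text/plain part; attachments are dropped."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    part = msg.get_body(preferencelist=("plain",))
    if part is not None:
        text = part.get_content()  # sender supplied a plain alternative
    else:
        part = msg.get_body(preferencelist=("html",))
        parser = TextOnly()
        parser.feed(part.get_content() if part is not None else "")
        parser.close()
        text = "".join(parser.out).strip()
    out = EmailMessage()
    for name in ("From", "To", "Subject", "Date", "Message-ID"):
        if msg[name] is not None:
            out[name] = str(msg[name])
    out.set_content(text)
    return out

# Constructed sample: HTML-only mail with a labeled link, a script and a remote image.
SAMPLE = (b'From: billing@example.test\nSubject: Invoice\nContent-Type: text/html\n\n'
          b'<p>Please <a href="http://login.example.invalid/x">visit your bank</a></p>'
          b'<script>track()</script><img src="http://tracker.example.invalid/p.gif">')
```

Calling `to_plain_text(SAMPLE).as_bytes()` gives the message an MTA-side filter would pass on.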

  4. #4
    Master Untangler f1assistance's Avatar
    Join Date
    Apr 2009
    Location
    Holly Springs, NC
    Posts
    443

    Originally Posted by JasonJoel:
        Why do you think my default email type when writing email in Outlook is "plain text"?

    You do realize emails you send are not the issue [for you], it's those you receive that are problematic...

  5. #5
    Master Untangler f1assistance's Avatar
    Join Date
    Apr 2009
    Location
    Holly Springs, NC
    Posts
    443

    Originally Posted by docfuz:
        Well, this could be a nice Untangle app to put in front of our MTAs. Strip all HTML and scripting and convert only the text portions to a plain text mime type.

        A more complex one could try to sanitize the mail content (since I'm not using SPAM and Phish blocker I don't know if this is already done in any way) - e.g. ScoutIQ could help in filtering obvious malicious URLs embedded in links.

    This doesn't resolve the problem with webmail...

  6. #6
    Master Untangler f1assistance's Avatar
    Join Date
    Apr 2009
    Location
    Holly Springs, NC
    Posts
    443

    What would be exceptional is the hosting company to offer to convert to plain text all incoming/outgoing emails as a paid service...WINNING!

  7. #7
    Master Untangler
    Join Date
    May 2010
    Posts
    436

    Originally Posted by f1assistance:
        You do realize emails you send are not the issue [for you], it's those you receive that are problematic...

    Yes, but people should lead by example, and not continue to perpetrate the problem either...

    So if YOU are sending non-plain text emails, you are just as much part of the problem. And I am using the 'royal' you in this context.
    Last edited by JasonJoel; 09-12-2017 at 07:57 AM.

  8. #8
    Untangler
    Join Date
    Mar 2017
    Posts
    64

    Originally Posted by f1assistance:
        This doesn't resolve the problem with webmail...

    Big Brother aside, I receive far more spam and malicious links on private MTAs than on big companies ones like Gmail's. For specific and/or intranet webmails linked on a protected MTA this could still work.

    Originally Posted by f1assistance:
        What would be exceptional is the hosting company to offer to convert to plain text all incoming/outgoing emails as a paid service...WINNING!

    This doesn't resolve the problem with webmail - as they are almost all using HTTPS now. Oops, nope, sorry. For a moment I read ISPs and not hosting companies. Yes, that could be a solution. But as JasonJoel says, the problem is cultural, too. Not too many people would use plain text instead of HTML5. It would just be so old
    Last edited by docfuz; 09-12-2017 at 08:22 AM.

  9. #9
    Master Untangler f1assistance's Avatar
    Join Date
    Apr 2009
    Location
    Holly Springs, NC
    Posts
    443

    Originally Posted by docfuz:
        But as JasonJoel says, the problem is cultural, too. Not too many people would use plain text instead of HTML5. It would just be so old

    It seems I have a continuous conversation with clients about the second highest risk (i.e., the interweb) that touches their domain and its wrath, which they claim (at panic times) to be concerned about. My first question always is; How many of you "feel" you are inconvenienced by security? Everyone raises their hand!
    My frustrated effort(s) is to educate and change this wrongheaded idea of being inconvenienced, and to have a real expectation of security and what that might look like (e.g., plain text emails). I really haven't moved the ball much over the past 20 years...
    Anyway, I personally don't care what "many people" or even most people do or don't do...TNO means just that. All my clients take most of the risks I warn about and then pay me to fix their bad choices. The perimeter sentinel defenses can only do so much.
    FWIW, residing on the edge of the herd can be a safe lonely place especially when all the commotion and excitement exists toward the center. I do venture within to collect a check from time to time. ;-)
    Party on Wayne! Party on Garth!

  10. #10
    Master Untangler
    Join Date
    May 2010
    Posts
    436

    Hard to argue with any of that... Being on the information security leadership team for a Fortune xx company, for me every day is a discussion about risk trade-off and how to prevent worker revolt (against security measures).

    There are many things I would have a company do differently if I were an un-fire-able King. But, that isn't how business in a large corporation works. So you strive for the minimum risk that you can get within the risk tolerance and risk appetite the company has. And know sometimes that won't be good enough and need more detailed remediation.