That's not reliable either, and there are many different ways of being flawed, some more serious than others. The model that you proposed is deeply flawed for anybody that doesn't have a closed set of correspondents using an identical security model.
-- Shmuel (Seymour J.) Metz http://mason.gmu.edu/~smetz3 ________________________________________ From: IBM Mainframe Discussion List <[email protected]> on behalf of CM Poncelet <[email protected]> Sent: Wednesday, September 23, 2020 9:10 PM To: [email protected] Subject: Re: Caution: "Hacked" email caused the distribution of a potentially harmful attachment All software filters are fundamentally flawed, because they presume to recognize and 'understand' what is or not SPAM - which is logically impossible. The only reliable filter is the hardware one, which assumes by default that every received email is SPAM *unless* a message filter rule says it is legitimate. That is how ACF2 enforced security - by denying any access to a resource unless an ACF rule permitted it. On 22/09/2020 23:14, Seymour J Metz wrote: > The commercial filters are mostly broken in all sorts of fascinating ways. If > it's an option your best choice is to find a provider competent to select or > write decent filters. > > > -- > Shmuel (Seymour J.) Metz > http://mason.gmu.edu/~smetz3 > > > ________________________________________ > From: IBM Mainframe Discussion List <[email protected]> on behalf of > Charles Mills <[email protected]> > Sent: Tuesday, September 22, 2020 5:25 PM > To: [email protected] > Subject: Re: Caution: "Hacked" email caused the distribution of a potentially > harmful attachment > > The commercial e-mail malware filters watch for e-mail where the "from" > address and the headers do not match. > > They did not used to. The *SPAM* filters watched for the mis-match, but not > the malware filters. The notorious RSA hack began with a spear-phishing > e-mail with an attachment of an Excel spreadsheet containing a zero-day > exploit. RSA's SPAM filter caught it! However, two enterprising employees > dragged the e-mail out of their SPAM folder and opened it and the attached > spreadsheet. > > Ever since then the malware filter publishers have been watching for this > mismatch and treating it as potential malware rather than merely potential > SPAM. > > Charles > > > -----Original Message----- > From: IBM Mainframe Discussion List [mailto:[email protected]] On > Behalf Of CM Poncelet > Sent: Tuesday, September 22, 2020 2:05 PM > To: [email protected] > Subject: Re: Caution: "Hacked" email caused the distribution of a potentially > harmful attachment > > Hence, check your trash/deleted folder and then create message filters > for any legitimate emails it contains, then run your message filters > against your trash/deleted folder to move the legitimate emails out of > there and into your "Inbox" folder or whatever other appropriate folders > - and these legitimate emails will then no longer be trapped as > spam/scam emails. What these 'not spam/scam' message filters should > contain and check for is up to you. > > ---------------------------------------------------------------------- > For IBM-MAIN subscribe / signoff / archive access instructions, > send email to [email protected] with the message: INFO IBM-MAIN > > ---------------------------------------------------------------------- > For IBM-MAIN subscribe / signoff / archive access instructions, > send email to [email protected] with the message: INFO IBM-MAIN > . > ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: INFO IBM-MAIN ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: INFO IBM-MAIN
