1/27/2005

Internet Security: Too much?

Apropos of my recent post on the many vulnerabilities of Microsoft Internet Explorer, I thought I would share another experience that has arisen in the context of this blog.

From time to time in connection with my law practice, I send out via email information to clients with an attachment. Sometimes there is little or no information in the actual text part of the email. Worse, sometimes there are multiple recipients.

Today, I noticed that three recipients rejected my email. Upon further investigation, I discovered that my law firm's IP address had been listed on a spammer service. (You can check yours here http://openrbl.org/ ) Ostensibly, this is because some mail with a virus or trojan was relayed at some point from this IP, or there was on open proxy.

This particular server runs a dedicated e-mail virus scanner that updates its indexes every 2 hours and heuristically scans for malicious code. It is behind a very expensive, very fancy Firebox firewall with literally five or six open ports. I have performed a security audit of this server on my own, and, I should add that it would be very difficult to penetrate it from outside.

I requested that my IP be removed, but I have no idea how effective this will be. This database claims that it lists 82,000+ IPs.

This is going too far.

I hate spam. I think it and spyware are combining to break the Internet. However, seriously impeding the flow of legitimate email is even more damaging. Spams can be deleted; block legitimate emails are unknown to the recipient!

Here are some suggestions in the meantime.

(1) No more e-mail lists. Use a blog or a hosted webpage and have people check the link.
(2) Use your ISP's SMTP relay exclusively (they might have ridiculous restrictions thought)
(3) Request a delivery receipt or a read receipt on all important messagegs.

It's one thing having to work to stop spam. It's another thing to have to monitor services tracking spammers to make sure your legit mail is working.

Assemblyman Disses New Regs

The Sacramento Bee reports.
State labor officials say they are simply providing choices for employees who want to work through meal breaks and leave early, rather than take a 30-minute breather in the middle of their shift.

"Frankly, I think this proposal is simply an attempt to usurp power from the Legislature and other public entities, and to consolidate it within the administration," said Koretz, D-West Hollywood.

And here's a puzzling comment. "Wednesday's hearing was the latest twist in what has become a recurrent theme at the Capitol: allegations that Gov. Arnold Schwarzenegger is taking a heavy-handed approach to labor unions." As far as I know, meal periods are not one of the things that can be bargained away in a CBA, so I don't see how that affects unions per se.

Also, "seven former employees of Thunder Valley Casino have filed a civil suit alleging sexual harassment, age and sex discrimination and wrongful termination." The Bee reports. (It's hard to beat the Bee for California issues.) I think this will be an interesting and important development, ie to see how these turn out.

NLRB finds LA area hotels' declaration of an impasse was illegal. The Los Angeles Times reports.