Richard,
> Well, I don't see how that belongs on this list, but personally
> I think everything except "Size" is none of your business... Security
> doesn't have anything to do with evesdroping...
With all due respect, that is nonsense.
Firstly, eavesdropping *is* a legitimate tool in the toolbag of the
person responsible for security. This is as true of e-mail as it is for
telephones, and yes, I know of people whose phone calls are routinely
monitored and/or recorded (they know in advance that this will occur,
they are free to find an employer who won't tap their phone).
Secondly, consider the defect tracking product that we run that uses
e-mail to keep remote databases in sync. Knowing that it is exchanging
x Mb of mail with site A and y Mb with site B is probably more
interesting to me than the fact that last week we shifted 1294cps of
NNTP traffic through our firewall 24x7x60x60. The easiest way to find
that out is to analyze the mailer logs for from/to/size/time data.
Thirdly, my employer owns the machines. I signed a contract saying I
would only use them for business purposes. Even though that is very
loosely interpreted they are free to impose a policy that forbids
personal e-mail through the firewalls. If they did so then quite likely
we would enforce that by monitoring the logs, not by adding yet more
code to a mailer system that is already about 50000 lines too long.
--
nreadwin @
london .
micrognosis .
com Phone: +1 718 273 8234
Anything is a cause for sorrow that my mind or body has made
References:
|
|
