My company wants is thinking about using gmail for there mail service.
I remember that a couple of years ago there was an exploit against
gmail, but since then I haven't been aware of any problems.
Is gmail any less secure than most ISP's.
Is there evidence of this, a series of exploits in the last 2 years
that I haven't heard of.
>My company wants is thinking about using gmail for there mail service.
>I remember that a couple of years ago there was an exploit against
>gmail, but since then I haven't been aware of any problems.
>Is gmail any less secure than most ISP's.
>Is there evidence of this, a series of exploits in the last 2 years
>that I haven't heard of.
You can get a domain name with hosting with 50 email addresses and
several gigabytes of server space for under $10 month. No legitimate
company should be using a free email service, in these times. Just my
opinion. If your company has over 50 employees, you certainly
shouldn't be considering a free service.
> My company wants is thinking about using gmail for there mail service.
> I remember that a couple of years ago there was an exploit against
> gmail, but since then I haven't been aware of any problems.
> Is gmail any less secure than most ISP's.
Depends on how you feel about them targeting marketing to you based on
you and your customer's correspondence. If one day that privacy
policy changes for gmail, and that information is no longer
"anonymous" or gets handily sold to third parties, heads will roll,
and whomever decided "gee, using a free email service with a
quesitonable privacy policy is a great idea!" might be among the
first.
Also, you have to think about the business card aspect. If a
business isn't stable enough to be using their own domain vs free
email service, just how legitimate is that business? These are
questions your customers may ask themselves but never tell you.
Zilbandy wrote:
> On 29 Nov 2006 00:02:20 -0800, phwashington@comcast.net wrote:
>
> >My company wants is thinking about using gmail for there mail service.
> >I remember that a couple of years ago there was an exploit against
> >gmail, but since then I haven't been aware of any problems.
> >Is gmail any less secure than most ISP's.
> >Is there evidence of this, a series of exploits in the last 2 years
> >that I haven't heard of.
>
> You can get a domain name with hosting with 50 email addresses and
> several gigabytes of server space for under $10 month. No legitimate
> company should be using a free email service, in these times. Just my
> opinion. If your company has over 50 employees, you certainly
> shouldn't be considering a free service.
>
Not to advertise for google but they have a new gmail service which
supports your domain.
We currently have email hosting service which is a little more
expensive than the above. Currently their spam filtering is terrible
and users are complaining about email size limitations.
>
> --
> Zilbandy - Tucson, Arizona USA <zil@zilbandyREMOVETHIS.com>
> Dead Suburban's Home Page: http://zilbandy.com/suburb/
> PGP Public Key: http://zilbandy.com/pgpkey.htm
> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~~~~~~~
In article <1ajqm25ufd5mgskthbo5bq2bivblvr3rmd@4ax.com>,
Zilbandy <zil@zilbandyREMOVETHIS.com> wrote:
>On 29 Nov 2006 00:02:20 -0800, phwashington@comcast.net wrote:
>
>>My company wants is thinking about using gmail for there mail service.
>>I remember that a couple of years ago there was an exploit against
>>gmail, but since then I haven't been aware of any problems.
>>Is gmail any less secure than most ISP's.
>>Is there evidence of this, a series of exploits in the last 2 years
>>that I haven't heard of.
>
>You can get a domain name with hosting with 50 email addresses and
>several gigabytes of server space for under $10 month. No legitimate
>company should be using a free email service, in these times. Just my
>opinion. If your company has over 50 employees, you certainly
>shouldn't be considering a free service.
IMHO, there's nothing special about free that should automatically
remove it from any consideration.
You should look at the various issues involved:
- reliability of service
- quality of support
- ability to meet your needs
- ability to carry _your_ brand
- cost
and make the best overall purchasing decision. Certainly, I don't see
how a $10/month service with poor reliability is somehow better than a
free service with high reliability, other things being equal.
In article <84irgylhu8.fsf@ripco.com>, Todd H. <comphelp@toddh.net> wrote:
>phwashington@comcast.net writes:
>
>> My company wants is thinking about using gmail for there mail service.
>> I remember that a couple of years ago there was an exploit against
>> gmail, but since then I haven't been aware of any problems.
>> Is gmail any less secure than most ISP's.
>
>Depends on how you feel about them targeting marketing to you based on
>you and your customer's correspondence. If one day that privacy
>policy changes for gmail, and that information is no longer
>"anonymous" or gets handily sold to third parties, heads will roll,
>and whomever decided "gee, using a free email service with a
>quesitonable privacy policy is a great idea!" might be among the
>first.
Of course, many for-pay services effectively have the policy of "we'll
happily sell your information to anyone with money." Even those that
don't right now can change their policies at the drop of a hat.
And which large company is the one that _didn't_ just turn over lots
of records at the first request?
I'm not pushing any service or not. I'm just saying that there's
nothing special about a free service that automatically removes it
from any consideration.
Todd H. wrote:
> phwashington@comcast.net writes:
>
> > My company wants is thinking about using gmail for there mail service.
> > I remember that a couple of years ago there was an exploit against
> > gmail, but since then I haven't been aware of any problems.
> > Is gmail any less secure than most ISP's.
>
> Depends on how you feel about them targeting marketing to you based on
> you and your customer's correspondence. If one day that privacy
> policy changes for gmail, and that information is no longer
> "anonymous" or gets handily sold to third parties, heads will roll,
> and whomever decided "gee, using a free email service with a
> quesitonable privacy policy is a great idea!" might be among the
> first.
>
I already have users moving or forwarding their accounts to yahoo mail.
Can gmail be much worse?
> Also, you have to think about the business card aspect.
gmail is currently advertising the ability to host domains.
On a regular email account I believe that you can mask the gmail
account with you business address.
If a
> business isn't stable enough to be using their own domain vs free
> email service, just how legitimate is that business?
We had an important email from a customer delayed for a couple of days,
because of the size of the email (14MB). The CEO raised the same
concerns about our legitimacy-appearance, because of this
he was having to use or resorting to use yahoo for the correspondence.
He basically came at me with concerns about my inability to find a
provider that could better suit his needs. His basis being that yahoo
and our customer didn't seem to be having a problem with these size
emails.
>These are
> questions your customers may ask themselves but never tell you.
>
>
> Best Regards,
> --
> Todd H.
> http://www.toddh.net/
On 29 Nov 2006, in the Usenet newsgroup alt.computer.security, in article
<1164808261.022983.111220@j72g2000cwa.googlegroups .com>, phwashington@comcast.net wrote:
>Todd H. wrote:
>> phwashington@comcast.net writes:
>>
>>> My company wants is thinking about using gmail for there mail service.
>>> I remember that a couple of years ago there was an exploit against
>>> gmail, but since then I haven't been aware of any problems.
>>> Is gmail any less secure than most ISP's.
Depends on how you define security
>> Depends on how you feel about them targeting marketing to you based on
>> you and your customer's correspondence.
Yeah, people never bother to read all those terms/conditions.
>> If one day that privacy policy changes for gmail, and that information
>> is no longer "anonymous" or gets handily sold to third parties, heads
>> will roll, and whomever decided "gee, using a free email service with
>> a quesitonable privacy policy is a great idea!" might be among the
>> first.
If they are hosting the domain name that has no obvious connection to
google, that might be tolerable - but some people block all access to
64.233.160.0/19.
>I already have users moving or forwarding their accounts to yahoo mail.
> Can gmail be much worse?
Is -999 worse than -998? Both are blocked here.
>> Also, you have to think about the business card aspect.
You mean "some_impressive_sounding_name@aol.com" ? I can't tell you how
many companies lost any chance of doing business with me (and a number of
companies I'm aware of) because of the horrible image their domain name
presented.
>gmail is currently advertising the ability to host domains.
Are they also hosting your domain - _directly_ providing you with your
network connectivity? If so, I hope someone made a full check of what
mail looks like that comes through their servers.
>> If a business isn't stable enough to be using their own domain vs free
>> email service, just how legitimate is that business?
>We had an important email from a customer delayed for a couple of days,
>because of the size of the email (14MB). The CEO raised the same
>concerns about our legitimacy-appearance, because of this
> he was having to use or resorting to use yahoo for the correspondence.
1. If your business depends on the timely reception of e-mail, someone
needs to seriously go back to square one and read the RFCs. 'e-mail' is
a "best effort" type of service, AND THERE ARE NO GUARANTEES THAT IT WILL
WORK, never mind arrive at a destination in a reasonable time.
2. Someone obviously failed to do a "due-diligence" test on selecting
the mail providers. If that wasn't you, get your resume out on the
street soonest. If that _was_ you - consider changing careers. Really.
3. I can understand that there could be problems with mails that big.
If you are running sendmail, look at /etc/sendmail.cf and see what is
set for "MaxMessageSize". The default is often one meg. There often is
a "MinFreeBlocks" setting that impacts mail delivery as well. This is
true of most MTAs and should be in the documentation.
> He basically came at me with concerns about my inability to find a
>provider that could better suit his needs. His basis being that yahoo
>and our customer didn't seem to be having a problem with these size
>emails.
There are something on the order of thirty _thousand_ network providers
in the United States of America. At the very least, you should be able
to get connectivity via DSL or Cable from several _local_ providers. As
this is a business, you should be talking about a business _grade_
account, and that should allow you to run your own mail servers. If you
are a mom-and-pop with one IP address, research the providers by searching
the "news.admin.net-abuse.*" newsgroups. Depending on your business model,
you may want to have your provider SWIP the IP space to you, and see that
your IP address is not in a dynamic range if you expect your mail to be
accepted elsewhere. AS AN EXAMPLE, you're posting from a Road Runner
address, and if you look it up you find
Hostname contains IP address. Hostname contains "res" suggesting
"residential" rather than "business" or even "static". Do the "A" and "PTR"
DNS records match (I don't know - you'd have to check that)? A few minutes
in the news.admin.net-abuse.blocklisting newsgroup would suggest why this
would be a really bad address to try to send mail from.
Moe Trin wrote:
> On 29 Nov 2006, in the Usenet newsgroup alt.computer.security, in article
> <1164808261.022983.111220@j72g2000cwa.googlegroups .com>,
> phwashington@comcast.net wrote:
>
> >Todd H. wrote:
> >> phwashington@comcast.net writes:
> >>
> >>> My company wants is thinking about using gmail for there mail service.
> >>> I remember that a couple of years ago there was an exploit against
> >>> gmail, but since then I haven't been aware of any problems.
> >>> Is gmail any less secure than most ISP's.
>
> Depends on how you define security
>
> >> Depends on how you feel about them targeting marketing to you based on
> >> you and your customer's correspondence.
>
> Yeah, people never bother to read all those terms/conditions.
>
> >> If one day that privacy policy changes for gmail, and that information
> >> is no longer "anonymous" or gets handily sold to third parties, heads
> >> will roll, and whomever decided "gee, using a free email service with
> >> a quesitonable privacy policy is a great idea!" might be among the
> >> first.
>
> If they are hosting the domain name that has no obvious connection to
> google, that might be tolerable - but some people block all access to
> 64.233.160.0/19.
>
> >I already have users moving or forwarding their accounts to yahoo mail.
> > Can gmail be much worse?
>
> Is -999 worse than -998? Both are blocked here.
>
> >> Also, you have to think about the business card aspect.
>
> You mean "some_impressive_sounding_name@aol.com" ? I can't tell you how
> many companies lost any chance of doing business with me (and a number of
> companies I'm aware of) because of the horrible image their domain name
> presented.
>
> >gmail is currently advertising the ability to host domains.
>
> Are they also hosting your domain - _directly_ providing you with your
> network connectivity? If so, I hope someone made a full check of what
> mail looks like that comes through their servers.
>
> >> If a business isn't stable enough to be using their own domain vs free
> >> email service, just how legitimate is that business?
> >We had an important email from a customer delayed for a couple of days,
> >because of the size of the email (14MB). The CEO raised the same
> >concerns about our legitimacy-appearance, because of this
> > he was having to use or resorting to use yahoo for the correspondence.
>
> 1. If your business depends on the timely reception of e-mail, someone
> needs to seriously go back to square one and read the RFCs. 'e-mail' is
> a "best effort" type of service, AND THERE ARE NO GUARANTEES THAT IT WILL
> WORK, never mind arrive at a destination in a reasonable time.
>
> 2. Someone obviously failed to do a "due-diligence" test on selecting
> the mail providers. If that wasn't you, get your resume out on the
> street soonest. If that _was_ you - consider changing careers. Really.
There is a strong possibility that the email providers performance has
changed over
the past few years. I don't think there is any reason for changing
jobs or careers here.
Part of the problem may be with the users. I think a couple of them
are using their email
addresses when they register for porn sites, another when he downloads
free software
off the internet and another to register for sites that report the
latest sales ( this one was the
closest to being job related, the user is in charge of purchasing
office supplies).
>
> 3. I can understand that there could be problems with mails that big.
> If you are running sendmail, look at /etc/sendmail.cf and see what is
> set for "MaxMessageSize". The default is often one meg. There often is
> a "MinFreeBlocks" setting that impacts mail delivery as well. This is
> true of most MTAs and should be in the documentation.
>
> > He basically came at me with concerns about my inability to find a
> >provider that could better suit his needs. His basis being that yahoo
> >and our customer didn't seem to be having a problem with these size
> >emails.
>
> There are something on the order of thirty _thousand_ network providers
> in the United States of America. At the very least, you should be able
> to get connectivity via DSL or Cable from several _local_ providers. As
Believe it or not there are still some places where you can't get this.
Every
business within a block needing Broadband has either a fractional T1 or
better.
Some of the businesses are using dial up.
> this is a business, you should be talking about a business _grade_
> account, and that should allow you to run your own mail servers. If you
> are a mom-and-pop with one IP address, research the providers by searching
> the "news.admin.net-abuse.*" newsgroups. Depending on your business model,
> you may want to have your provider SWIP the IP space to you, and see that
> your IP address is not in a dynamic range if you expect your mail to be
> accepted elsewhere. AS AN EXAMPLE, you're posting from a Road Runner
> address, and if you look it up you find
>
> [compton ~]$ host 76.185.8.150
> 150.8.185.76.IN-ADDR.ARPA domain name pointer cpe-76-185-8-150.tx.res.rr.com
> [compton ~]$
>
> Hostname contains IP address. Hostname contains "res" suggesting
> "residential" rather than "business" or even "static". Do the "A" and "PTR"
> DNS records match (I don't know - you'd have to check that)? A few minutes
> in the news.admin.net-abuse.blocklisting newsgroup would suggest why this
> would be a really bad address to try to send mail from.
>
On 2 Dec 2006, in the Usenet newsgroup alt.computer.security, in article
<1165052300.766612.272080@l12g2000cwl.googlegroups .com>, phwashington@comcast.net wrote:
>Moe Trin wrote:
>> 2. Someone obviously failed to do a "due-diligence" test on selecting
>> the mail providers. If that wasn't you, get your resume out on the
>> street soonest. If that _was_ you - consider changing careers. Really.
>There is a strong possibility that the email providers performance has
>changed over the past few years. I don't think there is any reason for
>changing jobs or careers here.
Watching for mention of the provider or IP range in the Usenet newsgroup
'news.admin.net-abuse.sightings' (and in the 'news.admin.net-abuse.*'
hierarchy will avoid a lot of surprises.
>Part of the problem may be with the users. I think a couple of them
>are using their email addresses when they register for porn sites,
>another when he downloads free software off the internet and another
>to register for sites that report the latest sales ( this one was the
>closest to being job related, the user is in charge of purchasing
>office supplies).
That's a company policy problem, not something that you can control as
a network administrator. The policy should detail what is allowable use
of email (which includes the use of the company mail address). (Comment:
That's why I'm posting from an ISP account and not mentioning the name
of the company at all.) The third user may or may not be OK - it's
hard to tell with no details. Obviously the first is not, and the
second is iffy (not acceptable if the downloads are personal, but may
be needed if support is required when the stuff is downloaded for
company use). For the latter, we have special mail accounts that are
only used for registration purposes.
>Believe it or not there are still some places where you can't get this.
>Every business within a block needing Broadband has either a fractional
>T1 or better. Some of the businesses are using dial up.
Those with fractional T1 or better shouldn't need to also obtain their
address space directly from the connectivity provider. In the 1990s, we
got our connection to the world from BBN, but have had our own direct
assignment from ARIN since the mid-80s. BBN appeared as the last few hops
on a traceroute and was advertising our AS number, but that was it. Today,
DSL can work the same way. As for dialup, yeah - that's a lot more
difficult.
> In article <1ajqm25ufd5mgskthbo5bq2bivblvr3rmd@4ax.com>,
> Zilbandy <zil@zilbandyREMOVETHIS.com> wrote:
>
>>On 29 Nov 2006 00:02:20 -0800, phwashington@comcast.net wrote:
>>
>>
>>>My company wants is thinking about using gmail for there mail service.
>>>I remember that a couple of years ago there was an exploit against
>>>gmail, but since then I haven't been aware of any problems.
>>>Is gmail any less secure than most ISP's.
>>>Is there evidence of this, a series of exploits in the last 2 years
>>>that I haven't heard of.
>>
>>You can get a domain name with hosting with 50 email addresses and
>>several gigabytes of server space for under $10 month. No legitimate
>>company should be using a free email service, in these times. Just my
>>opinion. If your company has over 50 employees, you certainly
>>shouldn't be considering a free service.
>
>
> IMHO, there's nothing special about free that should automatically
> remove it from any consideration.
>
> You should look at the various issues involved:
>
> - reliability of service
> - quality of support
> - ability to meet your needs
> - ability to carry _your_ brand
> - cost
>
> and make the best overall purchasing decision. Certainly, I don't see
> how a $10/month service with poor reliability is somehow better than a
> free service with high reliability, other things being equal.
>
> Craig
>
Gmail does demand enabling 3rd party cookies sans privacy policy and
active-X before you can even log in...may or may not matter to you...
warf.
warf wrote:
[snip]
> Gmail does demand enabling 3rd party cookies sans privacy policy and
> active-X before you can even log in...may or may not matter to you...
> warf.
facts may or may not matter to you - gmail requires neither 3rd party
cookies nor active-x...
--
"it's not the right time to be sober
now the idiots have taken over
spreading like a social cancer,
is there an answer?"
kurt wismer wrote:
> warf wrote:
> [snip]
>
>> Gmail does demand enabling 3rd party cookies sans privacy policy and
>> active-X before you can even log in...may or may not matter to you...
>> warf.
>
>
> facts may or may not matter to you - gmail requires neither 3rd party
> cookies nor active-x...
>
FACTS DO, sarcasm doesn't. I have tried all manner of cookie handling
methods and unless 3rd party cookies are enabled I get the piss off
popup. Active-X same deal.
Enlighten me....
Sebastian Gottschalk wrote:
> warf wrote:
>
>
>>kurt wismer wrote:
snip...
>>[snip my fained outrage]. I have tried all manner of cookie handling
>>methods and unless 3rd party cookies are enabled I get the piss off
>>popup. Active-X same deal.
>>Enlighten me....
>
>
> You should do so. I have Mozilla Seamonkey 1.05 running with no Active-X
> support, and it works fine. However, the Active-X plugin doesn't work
> anyway, so how did you make it run? It doesn't even work on Mozilla 1.7.14,
> not to mention Firefox 2.0.
>
> And of course, no cookies with domain attribute (goes that's what you meant
> with "3rd party") or even permanent.
Correct, 3rd party seems to imply 'cookie sent to and read from location
other than who you think you are connected to [google.com] And
persistent is permanent...they never expire.
>
> At any rate, why do you want to use the web interface to access Gmail?
> AFAIK is supports POP3.
Correct you are. I actually gave up on gmail long ago and use it only
for a throwaway email when i have to register somewhere for access.
RE pop3, I forgot about that... I don;t know if 3rd party cookies are
required and active-x would not likely be necessary.
You saw it here first "I'm sorry".
I was so put off by the scanning and archiving and 'sharing' of content
that I gave up....even though i had no criminal intent.
Warf.
warf wrote:
> kurt wismer wrote:
>> warf wrote:
>> [snip]
>>
>>> Gmail does demand enabling 3rd party cookies sans privacy policy and
>>> active-X before you can even log in...may or may not matter to you...
>>> warf.
>>
>>
>> facts may or may not matter to you - gmail requires neither 3rd party
>> cookies nor active-x...
>>
>
> FACTS DO, sarcasm doesn't. I have tried all manner of cookie handling
> methods and unless 3rd party cookies are enabled I get the piss off
> popup. Active-X same deal.
> Enlighten me....
i've had 3rd party cookies disabled in firefox for quite some time and
firefox doesn't even support active-x so when i access gmail with
firefox it is doing so without either of those things...
frankly, i'm not even sure what 3rd party cookies would be applicable
for gmail since they do all their own ads...
--
"it's not the right time to be sober
now the idiots have taken over
spreading like a social cancer,
is there an answer?"
Sebastian Gottschalk wrote:
> warf wrote:
>
>
>>Correct, 3rd party seems to imply 'cookie sent to and read from location
>>other than who you think you are connected to [google.com]
>
>
> No. "3rd party" cookies means that no cookie is allowed to enable
> referencing to other website. That means, when you go on google.com,
> normally only the cookie for google.com is accessed and transmitted only to
> google, not any other including sites, and neither can they set any
> cookies. However, google.com may allow the google.com cookie to be sent to
> these other sites, via the 'domain' attribute inside the cookies.
I think this is either a semantic thing or a language issue....[And I
mean no disrespect by 'the language thing' since my german is limited to
a few curse words and salutations]
I think i mean the same thing, 3rd party means cookies set by a location
other than Gmail [gmail.goggle.com]
>
>>And persistent is permanent...they never expire.
>
>
> Sorry, but that's nonsense. From the view of the server, the actual
> expiration of the cookie at the client side is transparent, thus he cannot
> tell whether you will actually keep it after closing the browser or not, or
> just if you delete it even earlier.
Again, I mean 'they don;t expire on your computer', [not the server]
unless you delete them from the cookies folder.
.....snip
> Cookies are only useful in context of HTTP sessions - POP3 is a completely
> different protocol.
I do stand corrected..I am treading on thin ice which is why i have
stopped by this NG...to learn mostly.
Warf
PS. Again no disrespect, but the Germanic people I know [Dutch, German,
Swiss] tell me that metaphoric humour is more of an Anglo thing...so
maybe my sardonic and whimsical comments are taken literally???
gmail security 
Linear Mode
