


SANS InfoSec Reading Room - Email Issues

Most of the computer security white papers in the Reading Room have been written by students seeking GIAC certification to fulfill part of their certification requirements and are provided by SANS as a resource to benefit the security community at large. SANS attempts to ensure the accuracy of information, but papers are published "as is". Errors or inconsistencies may exist or may be introduced over time as material becomes dated. If you suspect a serious error, please contact webmaster@sans.org.


Featuring 44 papers as of Nov 22, 2009
PDF Zombie profiling with SMTP greylisting
By: Jeremy Koster (posted on January 12, 2009)
This paper observes that computer zombies react differently to being greylisted, providing a method to profile computer zombies into various types.
PDF Detecting Spam with Genetic Regular Expressions
By: Eric Conrad (posted on November 20, 2007)
PDF SPAM and Anti-Spam
By: T. Brian Granier (posted on May 14, 2007)
This paper discusses many issues related to SPAM (any marketing, deceptive, or abusive use of email that the recipient does not wish to receive) and Anti-SPAM.
PDF The Growing Threats to Email Communications in 2004
By: Scott Palmer (posted on May 5, 2005)
The number of threats to email has increased to epidemic levels in 2004 despite the industry's best efforts to keep them in check.
PDF Creating a Hardened Internet SMTP Gateway on Exchange 2003
By: Bret Fisher (posted on May 5, 2005)
This paper will evaluate a 'locked down' inbound mail gateway (receives email from the Internet) design on Windows 2003 and Exchange 2003, using a set of complementing software products including Microsoft ISA Server 2004 and McAfee SecurityShield for Microsoft ISA Server 1.0.
PDF Email Security Threats
By: Pam Cocca (posted on January 27, 2005)
In this paper I will outline the various threats to email security, focusing on those that are of particular concern. I will then review some of the most recent advancements in the industry that are aimed at solving some of these issues.
PDF A Company in Chapter Eleven Doesn't Have to Eat SPAM
By: Bob Olson (posted on June 9, 2004)
This paper is a case study detailing the replacement of a commercial E-mail filtering system with one made up of all Open Source Software. The main goals were to reduce delivery time, increase accuracy of spam and Malware detection and to reduce operating costs.
PDF Utilizing Open-Source Software to Build a (Relatively) Secure, Spam- and Virus-Free Mail Service
By: David Bailey (posted on June 9, 2004)
Electronic mail (email) services have become critical to survival, whether a commercial business, non-profit organization, or government agency, in today's information-centric world. There are a myriad of solutions for providing email services, some are cost-effective and some are cost-prohibitive.
PDF Eradicating Spam Through a Hybrid Sender-Pays Model
By: Ron Jager (posted on June 8, 2004)
The evolution of email as a network message exchange was developed for the ARPANET shortly after it was created, and has evolved into the powerful technology we use today. It soon became obvious that the ARPANET was becoming a human-communication medium with very important advantages over normal U.S. mail and over telephone calls.
PDF Exchange 2000 Security an Overview
By: Charles Polkiewicz (posted on March 31, 2004)
Exchange 2000 is a Microsoft premier messaging product, with over 100 million licenses sold throughout the world. Securing this product is a challenge for any administrator. Proper administration requires both knowledge of the product and understanding of security policies involved.
PDF Implementing a SPAM Filtering Gateway with Apache James
By: Kraig Schario (posted on March 25, 2004)
This paper discusses the configuration of a SPAM Filtering Gateway using the Java Apache Mail Enterprise Server, James, developed by The Apache Software Foundation.
PDF Controlling Spam in a Small Business
By: Nadim El-Khoury (posted on November 6, 2003)
This paper will explain methods spammers are using to exploit e-mail, what measures are being taken by ISPs to curb the effect of spam and what choices are available for small companies to control spam and the productivity of their employees.
PDF Email in the New Era (Version 1)
By: Guang Chen (posted on October 31, 2003)
This paper addresses how e-mail can be effectively and safely used in this new era.
PDF The Security Implications of Web Based Email
By: Eric Trombold (posted on October 31, 2003)
This paper addresses four areas of risk posed by the unrestricted use of web based email services and ways to manage that risk.
PDF Securing Web Based Corporate E-Mail Using Microsoft Exchange Outlook Web Access
By: Michael Parker (posted on October 31, 2003)
This paper addresses Microsoft's Outlook Web Access (OWA), an extension of the Exchange 5.5 mail system.
PDF SMTP Gateway Virus Filtering with Sendmail and AMaViS
By: Kevin Swab (posted on October 31, 2003)
This paper describes the software necessary for adding low-cost virus filtering capability to any UNIX / Sendmail SMTP gateway, details its installation and configuration, and relates some observations on its use.
PDF Stopping Viruses at a Unix Mail Gateway
By: Thomas A. Heinrichs (posted on October 31, 2003)
This paper addresses the ability to protect users from viruses at a Unix mail gateway using both commercial and freely available tools.
PDF Protecting Email in a Hostile World with TLS and Postfix
By: David F. Severski (posted on October 31, 2003)
This paper addresses Transport Layer Security (TLS) and how it can be a very effective enhancement to keep email safe, secure, and private.
PDF Securing Email Through Proxies: Smap and Stunnel
By: Jim Cabral (posted on October 31, 2003)
This paper describes an approach to securing a complex mail application using a common firewall technology, application proxies.
PDF Hotmail: Why Free Email Might Not Be Such a Hot Idea
By: Michael Barrett (posted on October 31, 2003)
This paper addresses some of the challenges with Hotmail, a free email service purchased by Microsoft in 1997.
PDF Securing E-mail
By: Sharipah Setapa (posted on October 31, 2003)
This paper addresses some of the challenges and issues of securing email.
PDF Anti Spamming - How to Filter Unsolicited e-mail on Your Mail Server
By: Nam Tran (posted on October 31, 2003)
This paper addresses the issue of SPAM and how sendmail™ and IP Filters offer Spam-prevention features.
PDF A Practical Approach to Message Encryption
By: Edward Skerke (posted on October 31, 2003)
This paper provides a description of the mail encryption provided by ZixMail and ZixMail.Net from a security and business perspective by highlighting the advantages and disadvantages of these products.
PDF Beyond Email: Defending Against Malicious Code in a Healthcare Setting
By: Dianne Belt (posted on October 31, 2003)
This paper takes an in-depth look at defending healthcare organizations from malicious code, from the perspective that effective protection requires a multilevel defense that includes policies and procedures, user education, physical security, system configuration and maintenance, password management, anti-virus software, adequate backups, and the support of the entire organization.
PDF Implementing a Bulletproof MTA
By: Nick Reeves (posted on October 31, 2003)
This paper provides comprehensive instructions for installing and setting up the qmail Mail Transfer Agent (MTA).
PDF A Robust Email Infrastructure using Sendmail 8.12
By: Alan Ptak (posted on October 31, 2003)
This document provides an overview of how sendmail and sound network security practices can be combined to create a robust scalable electronic mail infrastructure.
PDF Security Features of Lotus Notes/Domino Groupware
By: Vivekanand R. Chudgar (posted on October 31, 2003)
This document provides an overview of Lotus Notes from a security perspective with particular focus on security related features, roles / options and limitations.
PDF Securing Exchange 2000 Server E-mail
By: Bill English (posted on October 31, 2003)
The focus of this paper is on how to secure Exchange 2000 Server e-mail.
PDF The Spam Battle 2002: A Tactical Update
By: Karl A. Krueger (posted on October 31, 2003)
This paper provides an overview of the spam situation, presenting policy and technical tools to continue the fight against spam.
PDF Secure eMail: Determining an Enterprise Strategy and Direction
By: Marian B. Gurowicz (posted on October 31, 2003)
This paper takes a look at the research needed for developing a management proposal for a secure eMail solution.
PDF Security Issues in Running an Email
By: Jerry Berkman (posted on October 31, 2003)
This paper discusses security topics with respect to administering an email system.
PDF What it is, how can it affect us, and how to deal with spam.
By: Adalberto Zamudio (posted on October 31, 2003)
This paper explores the problem of spam, its nature and also the reasons why it is a security risk. It also describes some of the techniques that are currently used to deal with spam including basic technical and policy methodology.
PDF Fighting Spam in the Academic Arena
By: Bev Weidmann (posted on October 31, 2003)
This paper addresses the issue of spam and discusses a multi-layered approach: at the source, on the network, and with the end user.
PDF Gotcha! : Virus and E-mail Hoaxes
By: Charles Coffman (posted on October 31, 2003)
This paper addresses how the existence of virus and e-mail hoaxes uses resources, costs money, and picks and pulls at the already frayed nerves of the often overworked, understaffed information technology corps.
PDF Securely Connecting Your Email System To the Internet - A Primer
By: Stephen Cottrell (posted on October 31, 2003)
This paper examines the basics that need to be considered when building a secure email connection to the Internet using an SMTP gateway.
PDF Options For Securely Deploying Outlook Web Access
By: Sharon Smith (posted on October 31, 2003)
This paper will provide an overview of Outlook Web Access and how it functions to deliver Exchange server mail via HTTP.
PDF Technologies to Combat Spam
By: Thomas Knox (posted on October 31, 2003)
This paper addresses the issue of spam and will give you some background, its proliferation, some of the issues and information about spam.
PDF Slippery Slope or Terra Firma? Current and Future Anti-Spam Measures
By: Charlene LeBlanc (posted on October 31, 2003)
This paper will help to explain current methods that are used to send out spam, combat spam, and legislation in place to hold abusers accountable and will also take a look at what might be on the technology horizon with more robust filtering methods and perhaps a better SMTP standard.
PDF Solving HealthCare’s eMail Security Problem
By: Bill Pankey (posted on October 31, 2003)
This paper discusses email security and recommends solutions to the healthcare organization's problem in securing its mail.
PDF Spam Filtering in a Small Business Environment, a Case Study
By: Richard Snow (posted on October 31, 2003)
This case study describes the process of researching and implementing a filter for email "SPAM" in an organization of modest size, running Microsoft Exchange 5.5 and IMC.
PDF Securing Electronic Mail in a Small Company
By: Nikolai Fetissov (posted on October 31, 2003)
This paper presents a typical email configuration of a small company, the associated vulnerabilities, and demonstrates how free open source tools help reduce the risks.
PDF Building a secured open source mail system for Small Medium Enterprise (SME)
By: Tan Ming Han (posted on October 31, 2003)
This document aims to provide the possibility of using a secured open source mail system solution for SME.
PDF Third-Party Mail Relay (Open Relay) and Microsoft Exchange Server
By: Jeremy Stewart (posted on October 31, 2003)
In the following paper I will be discussing the topic of Third Party Mail Relay, or Open Relay, the SMTP protocol, and the unwanted side effects of having a system that is configured as an open relay.
PDF A Secure Sendmail Based DMZ for the Corporate Email Environment
By: Jason McLellan (posted on October 31, 2003)
Adding a layer of simple mail transfer protocol (SMTP) infrastructure in the demilitarized zone (DMZ) between the Internet and your corporate email system is an effective way for corporate environments to enhance the security and functionality of their electronic email systems.
