[ExchangeList] Re: question

  • From: "Carl Houseman" <c.houseman@xxxxxxxxx>
  • To: <exchangelist@xxxxxxxxxxxxx>
  • Date: Tue, 20 May 2008 16:27:17 -0400

Completely correct and I also liked the "build a better idiot" comment.
Assuming users have already been told "don't do that" and most of them
comply, there will probably be more false positives than actual blocking of
SSN's from such a filter.

 

"There are seldom technological solutions to behavioral problems" is way
overdue for mentioning in this thread...

 

Carl

 

From: exchangelist-bounce@xxxxxxxxxxxxx
[mailto:exchangelist-bounce@xxxxxxxxxxxxx] On Behalf Of Jabber Wock
Sent: Tuesday, May 20, 2008 4:16 PM
To: exchangelist@xxxxxxxxxxxxx
Subject: [ExchangeList] Re: question

 

 

Hi,

 

 

Actually it is not totally arbitrary.  The format is xxx-yy-zzzz (the
separators can be hyphen, space, or no separator).  The "xxx" must be
between 1 and 772.  The "yy" and "zzzz" can be anything except 00 and 0000
respectively.  Also, xxx cannot be "666" because of the controversial nature
of this number, especially in the SSN context.

 

 

However, what if someone is legitimately sending a number 111223333 via
email, and it is not a SSN but some other important and meaningful number
(and it does not matter, that it is sent in cleartext for that conversation
e.g. it might be the weight in milligrams of something they ordered).  Will
regular expressions alone detect whether this is a live SSN or not?
Probably not.

 

 

JW



 

On 5/20/08, Michael B. Smith <michael@xxxxxxxxxxxxxxxxxxxxxxxx> wrote: 

You use regular expressions. It's an arbitrary nine-digit number. Exchange
2007 supports that too.

 

Regards,

 

Michael B. Smith

MCSE/Exchange MVP

http://TheEssentialExchange.com

 

From: exchangelist-bounce@xxxxxxxxxxxxx
[mailto:exchangelist-bounce@xxxxxxxxxxxxx] On Behalf Of Sandra K. Hemker
Sent: Tuesday, May 20, 2008 2:45 PM
To: exchangelist@xxxxxxxxxxxxx
Subject: [ExchangeList] Re: question

 

We don't use the feature here yet.  I just know that it does exist.  I'm not
sure how any system could detect it well without the dashes.

  _____  

From: exchangelist-bounce@xxxxxxxxxxxxx
[mailto:exchangelist-bounce@xxxxxxxxxxxxx] On Behalf Of Rick Boza
Sent: Tuesday, May 20, 2008 2:16 PM
To: exchangelist@xxxxxxxxxxxxx
Subject: [ExchangeList] Re: question

Out of curiosity - how well does it handle malformed SSNs?

What I mean is, assuming it looks for strings formatted as:

###-##-####

But what happens if it is formatted as ######### ?

I know Postini has some great capability - I'm just wondering how
comprehensive the filtering of SSN's really works out to be.

You know what they say, if you try to idiot-proof the system, someone will
always build a better idiot.


Rick

On Tue, May 20, 2008 at 2:01 PM, Sandra K. Hemker <sanhem@xxxxxxxxxxx>
wrote:

We use POSTINI spam\virus filter which is a subscribed to service and they
give you the ability to set up OUTBOUND content management where it will
search outgoing email for SSN's.

 

  _____  

From: exchangelist-bounce@xxxxxxxxxxxxx
[mailto:exchangelist-bounce@xxxxxxxxxxxxx] On Behalf Of Alex
Sent: Tuesday, May 20, 2008 11:09 AM
To: exchangelist@xxxxxxxxxxxxx
Subject: [ExchangeList] question

 

 

Is there anybody out there using anything that would stop social security
numbers from being emailed through Exchange 2003? Thanks for your time in
advance.
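
Added example, not part of any poster's message: a Python sketch of the regular-expression filter discussed in this thread, using the xxx-yy-zzzz range rules exactly as quoted above, run over constructed message bodies to show why a bare nine-digit number such as 111223333 still matches. The function names, the keyword list and the high/low confidence grading are assumptions made for this illustration.

```python
import re

# Candidate: 3-2-4 digits; separators may be hyphen, space, or absent,
# and the match must not sit inside a longer run of digits.
CANDIDATE = re.compile(r"(?<!\d)(\d{3})([- ]?)(\d{2})([- ]?)(\d{4})(?!\d)")


def is_plausible_ssn(area, group, serial, max_area=772):
    """Apply the range rules quoted in the thread (max_area is the thread's figure)."""
    if not 1 <= int(area) <= max_area or area == "666":
        return False
    return group != "00" and serial != "0000"


def find_ssn_candidates(text, max_area=772):
    """Return (matched_text, confidence) for every hit that passes the range rules.

    confidence is "high" when consistent separators are present or a keyword
    appears nearby, and "low" for a bare nine-digit run with no context.
    """
    hits = []
    for m in CANDIDATE.finditer(text):
        area, sep1, group, sep2, serial = m.groups()
        if not is_plausible_ssn(area, group, serial, max_area):
            continue
        # Assumed heuristic: look for a keyword within 40 characters of the match.
        window = text[max(0, m.start() - 40):m.end() + 40].lower()
        keyword = any(k in window for k in ("ssn", "social security", "soc sec"))
        formatted = sep1 != "" and sep1 == sep2
        hits.append((m.group(0), "high" if formatted or keyword else "low"))
    return hits


# Constructed sample message bodies (not real data).
SAMPLES = [
    "Employee SSN: 123-45-6789, please update payroll.",
    "The shipment weighed 111223333 milligrams.",
    "Ref 666-12-3456 and 000-12-3456 and 123-00-4567 and 123-45-0000.",
    "Tracking number 9876543210123 attached.",
    "SSN 123456789 on file.",
]

if __name__ == "__main__":
    for body in SAMPLES:
        print(find_ssn_candidates(body), "<-", body)
```

The milligram weight passes every range rule and is only graded "low" because nothing around it suggests an SSN, which is the false-positive case raised in the thread; a filter that blocks on "low" hits will stop legitimate mail.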

 

 
