Why do Email spam filters remove zip files??
Posted by Michael Bray on December 13, 2007
It doesn’t increase security in any significant way, it only adds pain to users that are legitimately trying to send stuff around… It’s basically equivalent to the case of “security thru obscurity”, which is only marginally better than no security at all. I see it like this:
- An EXE is sent – even the highly-dumb users aren’t likely to run this, although maybe by accident. Some, of course, are that dumb. No one really needs to send EXE files around anyway. I grudgingly accept that it makes sense to filter these, although the argument holds for EXE files just as well as for ZIP files.
- A renamed EXE is sent – spam filter won’t block it, but most people with any sense probably won’t rename it and run it unless they know where it came from and what it is. The really dumb users might do it anyway.
- A renamed ZIP is sent – spam filter won’t block it, but there is a good chance people will rename it and look into it and run something inside of it
- A zip file is sent – spam filter blocks it… this is only marginally more secure than #3, and only because the receiver has to go to the trouble of renaming it
The point is that it is so easy for a user to rename the file back to it’s original extension and then do whatever dumb things they want with it. It’s a case of marginal gain for significant cost (in this case, the pain of two people having to rename the file… perhaps that doesn’t seem significant to some people, but for me, often, I’d rather not have to take the extra 5 seconds to do it, not to mention the round trip time to cover the first email that I send with an un-renamed zip file only to hear back that the user didn’t receive it.).
[OK, so this isn’t really programming, but I needed a test post and this works just fine.]