End point anti-virus email alerts - SMTP Authentication

Hey guys,

Thanks for the pointer Jak,  I'll see if I can play around with that hack and if it works with the client, but from QC's response I have a feeling the answer is going to be a no - it's good to know they are going in the right direction though.

QC: "The lack of SMTP authentication does not promote SPAM. It can help with relaying "

Ok, maybe promote was a bit strong, but that is entirely a matter of opinion.

I personally see that an HTTP client without HTTPS support aids HTTP hijacking, FTP without FTPS (or sFTP) support aids....well....FTP and all of its associated issues and an SMTP client without the full suite of security that SMTP offers aids spammers.  By not supporting SMTP fully Sophos are forcing people to not fully lock down their SMTP host and for us, being PCI compliant, that means we can't use Sophos email alerts in our card data environment as this isn't a good enough business requirement to deploy an open email server, which means down the line when we deploy more servers this puts an end to our use of Sophos.

To quickly address the one point of my provider: Yes, my provider has a lot of knowlage - I wasn't being sarcastic when I said I didn't want to question them as I see them as the best out there - I was hoping there was some hackduggery (as Jak kindly pointed me to) I could point them to that they may not have known about.  On that note though, it's worth pointing out they don't support Sophos in their high end package - but unfortunatly we are a startup so we can't go there right away.

Hey guys,

Thanks for the pointer Jak,  I'll see if I can play around with that hack and if it works with the client, but from QC's response I have a feeling the answer is going to be a no - it's good to know they are going in the right direction though.

QC: "The lack of SMTP authentication does not promote SPAM. It can help with relaying "

Ok, maybe promote was a bit strong, but that is entirely a matter of opinion.

I personally see that an HTTP client without HTTPS support aids HTTP hijacking, FTP without FTPS (or sFTP) support aids....well....FTP and all of its associated issues and an SMTP client without the full suite of security that SMTP offers aids spammers.  By not supporting SMTP fully Sophos are forcing people to not fully lock down their SMTP host and for us, being PCI compliant, that means we can't use Sophos email alerts in our card data environment as this isn't a good enough business requirement to deploy an open email server, which means down the line when we deploy more servers this puts an end to our use of Sophos.

To quickly address the one point of my provider: Yes, my provider has a lot of knowlage - I wasn't being sarcastic when I said I didn't want to question them as I see them as the best out there - I was hoping there was some hackduggery (as Jak kindly pointed me to) I could point them to that they may not have known about.  On that note though, it's worth pointing out they don't support Sophos in their high end package - but unfortunatly we are a startup so we can't go there right away.