Patti (whipartist) wrote,

My PPA response

Here is my response to the PPA answer I received earlier today. I think I'm being pretty reasonable.

Date: Tue, 29 Jan 2008 15:07:28 PST
To: "bryan" <>
From: "Patti Beadles" <>
Subject: Re: Your privacy policy has been violated


I find your response unsatisfying.

Please allow me to outline my technical background. I am a computer
industry professional with two decades of experience, including over
a decade as an internet professional. I have worn many hats during
my career, but the one that is most relevant to this discussion is
my stint as Director of Operations for Yesmail. During this time,
I was responsible for all data center operations of a leading email
marketing company, and I was responsible for both the delivery of
email, and the security of the data center.

I have also been an avid anti-spam activist for many years, and I
am well-versed in the methods that spammers use to obtain addresses.
I keep constant vigilance over access to my personal domains,
including daily monitoring of all spam attempts on my servers.

Your statement that passing ScanAlert's test "means that there are
no security holes for spammers" indicates a complete misunderstanding
of computer security and security audits. Passing a security audit
means that any obvious, known holes have been closed, but it is far
from a guarantee of safety. New security exploits are being
developed on a daily basis, and it is impossible to stay ahead of
all of them.

However, I know from experience that the majority of security
exploits are inside jobs, where someone inside the organization
utilizes their privileged access to the database for personal
gain. Because of that, standard security processes for sites with
confidential data include highly-restricted access to that data, as
well as complete audit logging of all accesses to protected data.

Are your backups safe? How many of your employees have database
access? Have any contractors had access to the database? How
about data center personnel? Test servers? Is it possible that
someone took a dump of the database when they were not being

I understand that the casino spam I'm getting is quite prevalent
on the internet right now. However, what I do not understand is
how that spam was sent specifically to the PPA email address I use,
unless there was a security breach of some sort on the PPA's end.

-Patti Beadles
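The letter names two controls that sites holding confidential data are expected to have, restricted access to the protected data and complete audit logging of every access, and then asks whether someone could have taken a dump of the database. The following Python is an added illustration of those two controls together, not code from the post or from the PPA: a small data-access wrapper that refuses reads from roles not on an allow list, records every permitted and refused read, and two checks over that log, one listing accounts whose reads were refused and one flagging any account that read so many distinct records that it looks like a table dump. The subscriber rows, the role names and the actor names are all constructed for the example.

```python
from dataclasses import dataclass
from datetime import datetime, timezone
from collections import defaultdict

# Constructed sample of protected subscriber records (hypothetical data,
# not from the PPA or any real system).
SUBSCRIBERS = {
    1: {"email": "member1@example.org"},
    2: {"email": "member2@example.org"},
    3: {"email": "member3@example.org"},
    4: {"email": "member4@example.org"},
    5: {"email": "member5@example.org"},
}

# Roles permitted to read protected records; any other role is denied.
ALLOWED_ROLES = {"support", "dba"}


@dataclass
class AuditEntry:
    ts: str          # ISO-8601 UTC timestamp
    actor: str       # account that made the request
    role: str        # role the account presented
    record_id: int   # subscriber record requested
    allowed: bool    # whether the read was permitted


class SubscriberStore:
    """Wraps the protected table so every read is authorised and logged."""

    def __init__(self, records, clock=None):
        self._records = records
        # clock is injectable so the audit trail is deterministic in tests
        self._clock = clock or (lambda: datetime.now(timezone.utc))
        self.audit_log = []

    def read(self, actor, role, record_id):
        allowed = role in ALLOWED_ROLES and record_id in self._records
        # Refused reads are logged as well: failed attempts are evidence too.
        self.audit_log.append(
            AuditEntry(self._clock().isoformat(), actor, role, record_id, allowed)
        )
        if not allowed:
            raise PermissionError(f"{actor} ({role}) may not read record {record_id}")
        return dict(self._records[record_id])


def denied_attempts(audit_log):
    """Actors with at least one refused read, mapped to their attempt counts."""
    counts = defaultdict(int)
    for e in audit_log:
        if not e.allowed:
            counts[e.actor] += 1
    return dict(counts)


def bulk_readers(audit_log, threshold):
    """Actors who successfully read at least `threshold` distinct records.

    An insider taking a dump of the database shows up as one account
    touching far more distinct records than any support task needs.
    """
    seen = defaultdict(set)
    for e in audit_log:
        if e.allowed:
            seen[e.actor].add(e.record_id)
    return {actor for actor, ids in seen.items() if len(ids) >= threshold}


def demo():
    """Constructed activity: two normal lookups, one refused read, one dump."""
    store = SubscriberStore(SUBSCRIBERS)
    store.read("alice", "support", 1)    # ordinary one-off lookup
    store.read("alice", "support", 2)
    try:
        store.read("bob", "intern", 3)   # role not on the allow list: refused and logged
    except PermissionError:
        pass
    for rid in SUBSCRIBERS:              # every record in turn: looks like a full dump
        store.read("carol", "dba", rid)
    return store


if __name__ == "__main__":
    s = demo()
    print("refused reads:", denied_attempts(s.audit_log))
    print("bulk readers:", bulk_readers(s.audit_log, threshold=4))
```

The threshold in `bulk_readers` is deliberately a parameter: what counts as "too many" depends on the job the role is supposed to do, and a real deployment would also bound it by time window and cover backups, test copies and exports, which this example leaves out.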