by tsukikage 1245 days ago
> A better idea might be to simply quarantine all attachments as they come into the enterprise, delete all the executables outright, and store the few file types you decide are acceptable on a staging server where users can log in with an SSL-enabled browser

An odd suggestion in an otherwise relatively uncontroversial article. It implicitly trains your users in a bunch of unpleasant things:

* clicking on some URL in an email, typing your password into whatever webpage pops up, downloading the blob it serves you and opening it (after clicking through the browser's "this was downloaded from the internet, are you sure?" warning) is a perfectly normal and legitimate part of the working day

* one needs to find ways to obfuscate documents of types that aren't on the IT whitelist so one can send them to one's colleagues so they can do their jobs (and no, the corporate whitelists never capture everything people urgently need to share in order to do their jobs)

* since everyone now does that habitually, receiving an automangled email with a link to an attachment which has its actual payload contained in several layers of archive obfuscation wrapper is perfectly normal because that's just what you have to do to share stuff with your colleagues now

These could, of course, be mitigated by suitably educating users, but since the practice is advocated in a section about user education never working, that is unlikely to happen.

1 comment

I think this is a little less bad in context: in 2005 Gmail was a year old. Most people used a dedicated email client app such as Outlook or Mail.app so in your flow it would be far more defensible and his view was focused on corporate users. That makes the first point a little more reasonable:

1. Your desktop application shows a list of attachments in the navigation chrome where a message can't display content.

2. When you click on something in that list, Internet Explorer or Firefox seamlessly logs you into the server using Active Directory.

Storing things on a server was also more relevant in the era where space was limited and services like Exchange were famously difficult to scale or customize. If you didn't have good tools to retroactively yank a message out of everyone's inbox when your AV signatures were updated an hour after it arrived, storing it on a server you controlled had a certain practicality.

Your second and third points are spot-on, however, and really hit at a key principle too few security teams appreciate: normalization of deviance. This approach fails badly in the real world where IT security says “don't open attachments from people you don't know” and everyone's manager says “oh, it's totally normal to get passworded ZIP files from the HR services subcontractor. Open it, we have a deadline!”. The real lesson here should be defense in depth so your organization's security isn't jeopardized when one person opens the wrong email.
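As an added illustration of the defense-in-depth point above (not code from either commenter or from the article under discussion), here is a small gateway-side check for the "several layers of archive obfuscation wrapper" and "passworded ZIP" cases the thread describes. It recursively opens ZIP attachments in memory, flags executables at any nesting depth, refuses to look inside encrypted members (it cannot, so it flags them instead), and stops on archives nested deeper than a limit or members that decompress past a size ceiling. The suffix list, the depth and size limits, and the sample ZIP-in-ZIP-in-ZIP payload are all constructed for this example, and a real deployment would tune them to its own environment.

```python
"""Recursive inspection of a ZIP attachment for nested archives and executables.

Added example; assumptions: the EXECUTABLE_SUFFIXES list, MAX_DEPTH and
MAX_MEMBER_BYTES are illustrative policy values, and build_sample() is a
constructed zip-in-zip-in-zip payload, not a real captured attachment.
"""
import io
import zipfile
from dataclasses import dataclass

# Illustrative policy values (assumptions, not from the thread).
EXECUTABLE_SUFFIXES = (".exe", ".scr", ".dll", ".js", ".vbs", ".bat", ".cmd", ".ps1", ".hta")
MAX_DEPTH = 3                       # how many archive layers we are willing to open
MAX_MEMBER_BYTES = 10 * 1024 * 1024  # ceiling on decompressed size per member (zip-bomb guard)


@dataclass
class Finding:
    path: str    # "outer.zip/inner.zip/file" style path of the offending member
    depth: int   # 0 = the attachment itself, +1 per archive layer
    reason: str  # "executable", "encrypted", "nesting-limit" or "oversized"


def inspect_blob(name: str, data: bytes, depth: int = 0, findings=None) -> list:
    """Walk a blob and every archive it contains, collecting policy violations."""
    if findings is None:
        findings = []
    if name.lower().endswith(EXECUTABLE_SUFFIXES):
        findings.append(Finding(name, depth, "executable"))
    # Decide by content, not by extension: a renamed .zip is still a zip.
    if not zipfile.is_zipfile(io.BytesIO(data)):
        return findings
    if depth >= MAX_DEPTH:
        # Too many wrappers: do not open, quarantine on nesting alone.
        findings.append(Finding(name, depth, "nesting-limit"))
        return findings
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            member = f"{name}/{info.filename}"
            if info.flag_bits & 0x1:
                # General-purpose bit 0 = encrypted member; we cannot scan it.
                findings.append(Finding(member, depth + 1, "encrypted"))
                continue
            # Read through the decompressor with a hard cap rather than trusting
            # the declared file_size, which a crafted archive can understate.
            with zf.open(info) as fh:
                payload = fh.read(MAX_MEMBER_BYTES + 1)
            if len(payload) > MAX_MEMBER_BYTES:
                findings.append(Finding(member, depth + 1, "oversized"))
                continue
            inspect_blob(member, payload, depth + 1, findings)
    return findings


def verdict(findings: list) -> str:
    """Gateway decision: any finding means the attachment is held for review."""
    return "quarantine" if findings else "deliver"


def _zip(members: dict) -> bytes:
    """Build an in-memory ZIP from {filename: bytes}."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for fname, content in members.items():
            zf.writestr(fname, content)
    return buf.getvalue()


def build_sample() -> bytes:
    """Constructed sample: a fake invoice.exe wrapped in three ZIP layers."""
    inner = _zip({"invoice.exe": b"MZ" + b"\x00" * 64})          # not a real PE, just the magic
    middle = _zip({"docs.zip": inner, "readme.txt": b"see attached"})
    return _zip({"hr_package.zip": middle})


def build_benign_sample() -> bytes:
    """Constructed sample: a single harmless text member."""
    return _zip({"agenda.txt": b"1. deadlines\n2. coffee\n"})


if __name__ == "__main__":
    for label, blob in (("attachment.zip", build_sample()), ("agenda.zip", build_benign_sample())):
        found = inspect_blob(label, blob)
        print(label, verdict(found))
        for f in found:
            print(f"  {f.reason:14} depth={f.depth} {f.path}")
```

The check runs on the decompressed bytes of each member, so renaming `payload.exe` to `payload.pdf` inside the archive still gets caught if a later stage inspects content, and a ZIP renamed to `.dat` is still opened because `is_zipfile` looks at the trailer rather than the name. What it cannot do is see through a password, which is exactly why an "it's from the HR subcontractor, open it" culture is the gap a gateway filter alone will not close.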