mailing list archives
Re: [Security Weekly] [advisory-board-open] Pen Testing and the Canadian anti-spam law
From: Adrien de Beaupre <adriendb () gmail com>
Date: Wed, 2 Jul 2014 18:49:24 -0400
wouldn't it all come down to permission, i.e. consent of the organization
receiving the email?
On Tue, Jul 1, 2014 at 11:36 AM, Jamil Ben Alluch <jamil () autronix com>
I wanted to get some points of view in regards to the newly implemented
anti-spam law that entered into effect today in Canada.
There are cases where during pen-testing projects, we are in a way
required to send emails in order to test out phishing attempts, malware
These would have to be crafted in a way that is appealing to the targeted
end-user and often will have some kind of appealing sales connotation or
fake business application.
Now according to the CASL <http://fightspam.gc.ca/>, this would entitle
senders to up to CA$1,000,000 in fines, if you are an individual, and
$10,000,000 in fines if you are a business.
Obviously in our line of work, in order to perform our duties as
pen-testers, this could turn out to be a problem and remove the possibility
of trying out sets of attack vectors relying on emails.
I'd like to get some opinions on this matter.
*Jamil Ben Alluch, ing. jr, GCIH*
[image: Autronix] <http://www.autronix.com>
*Information Technology & Security Consulting*
jamil () autronix com
advisory-board-open mailing list
advisory-board-open () lists sans org
If you want to unsubscribe from this list, navigate to:
To unsubscribe, you'll need your list password.
If you forgot your password, you can get a reminder at the bottom of
securityweekly mailing list
securityweekly () mail securityweekly com
Main Web Site: http://pauldotcom.com