SANS ISC: Signature Blocks SANS ISC InfoSec Forums

Signature Blocks
Just thought I'd share with you all a pet peeve of mine: signature blocks in email.

How much is too much?  At what point do these things become a security hazard?  At what point are you putting too much information about yourself out on the internet?

Well wait, you ask, what does this have to do with security?  What if your email client has a vuln in some client-side jpg/png/gif parsing thingy, and all I have to do to execute some code is send you an email with an HTML signature block (or HTML at ALL)?

Do you put certs in your signature block?  Should you? 

Do you put quotes in your signature block?  Should you?

Do you put your phone number in your signature block?  Email addresses?  Titles?

I've stuck to the rule of '4 lines is enough' in a signature block.  But what are your thoughts?

Does your company have a policy against signature blocks?  What about those Plaxo signature blocks?  What about LinkedIn signature blocks?

Share your thoughts.  I'll collect the consensus for the night and publish a diary with your thoughts.


Joel Esler

P.S.  For those of you that are wondering, my email signature block is one line.

May 29th 2007
