The organization that you work for has an email policy that prohibits forwarding chain e-mail. What is the purpose for implementing such a rule within the company’s policy?
The obvious answer is probably the most practical. By having a security policy in place prohibiting chain emails, you can cut down on inane interruptions to workflow and productivity. Chain emails provide no substantial contribution to the work day, and the largest benefit to their exclusion is more ROI on employees salary.
Though, as this is a security course, we need more of a justification than the managerial excuse of: “No one wants to read the superstitious/romantic drivel your cousin sent you, Karen.”
While most people have received chain letters, and although few have been infected by their contents, the possibility is always there. Email is an amazing avenue for distributing malware, and every entry in your inbox should be regarded as a potential threat. Moreover, even if it’s an innocuous chain mail without attachments, promising instantaneous romance after sharing only 32 times, the attached list of email addresses could be intercepted further down the line and used for nefarious purposes like telemarketing or spear phishing.
So even if you aren’t alarmed at the possibility of viruses piggybacking on chain letters, their prohibition provides a plethora of practical purposes.