Educause Security Discussion mailing list archives

Re: Blacklisting and Tar-pitting


From: "Jason C.Belford" <jason.belford () OIT GATECH EDU>
Date: Wed, 6 Aug 2008 09:08:38 -0400

Jay,

We too ran into these issues.

At one time we would simply tag the message with a spam score and
allow our users to create a filter.  However, if our user was
forwarding incoming mail to an off-campus address, the spam would
forward before any filters could be applied (if filters were even
created).

As you know, the headers of a message can only be trusted by your MTAs
and therefore you can only validate the hop prior to receiving it.
So, it appeared to off-campus sites as though we were sending lots of
spam, and we were being blacklisted quite often.

Based on our size and the number of messages we receive daily,
quarantining was not an option for us.  So, we made the decision to
begin proactively dropping messages at certain thresholds.  At first
we started dropping at a conservative threshold but found we were
still being blocked, though not as often.  We lowered the threshold a
little bit more and have not been the focus of many blacklists since.

Unless you are very confident in your anti-spam system, I would not
recommend this method.

--Jason


On Aug 6, 2008, at 7:33 AM, Jay Graham wrote:

Folks,

Here at the University of Pittsburgh, we allow our users to forward
their official University email address <username () pitt edu> either
on campus to a departmental e-mail server or off campus to another
provider.

We have been dealing with the external providers Blacklisting us for
some time, but recently it seems to have become chronic and we are
Blacklisted now more than we are not Blacklisted. We put measures in
place for SPAM filtering and have really cracked down on security so
that compromised workstations are not spewing spam.

I know there are several things we can do about this. Some are
radical like not allowing forwarding of email off campus and others
are less radical like trying to white list us with the major
providers or implement domain keys or SPF.

I am wondering what other Universities that allow forwarding are
doing to combat the blacklisting problem. Is this something obvious
we are missing or is this a real problem that everyone is facing?

Jay Graham
University of Pittsburgh
jwg () pitt edu
================

--
Jason C. Belford
Information Security Manager
Office of Information Technology
Georgia Institute of Technology
Phone: (404) 894 - 6159
