Educause Security Discussion mailing list archives
Re: Blacklisting and Tar-pitting
From: "Jason C.Belford" <jason.belford () OIT GATECH EDU>
Date: Wed, 6 Aug 2008 09:08:38 -0400
Jay,

We too ran into these issues. At one time we would simply tag the message with a spam score and allow our users to create a filter. However, if our user was forwarding incoming mail to an off-campus address, the spam would forward before any filters could be applied (if filters were even created). As you know, the headers of a message can only be trusted by your MTAs and therefore you can only validate the hop prior to receiving it. So, it appeared to off-campus sites as though we were sending lots of spam, and we were being blacklisted quite often.

Based on our size and the number of messages we receive daily, quarantining was not an option for us. So, we made the decision to begin proactively dropping messages at certain thresholds. At first we started dropping at a conservative threshold but found we were still being blocked, though not as often. We lowered the threshold a little bit more and have not been the focus of many blacklists since.

Unless you are very confident in your anti-spam system, I would not recommend this method.

--Jason

On Aug 6, 2008, at 7:33 AM, Jay Graham wrote:
Folks,

Here at the University of Pittsburgh, we allow our users to forward their official University email address <username () pitt edu> either on campus to a departmental e-mail server or off campus to another provider. We have been dealing with the external providers Blacklisting us for some time, but recently it seems to have become chronic and we are Blacklisted now more than we are not Blacklisted. We put measures in place for SPAM filtering and have really cracked down on security so that compromised workstations are not spewing spam.

I know there are several things we can do about this. Some are radical like not allowing forwarding of email off campus and others are less radical like trying to white list us with the major providers or implement domain keys or SPF.

I am wondering what other Universities that allow forwarding are doing to combat the blacklisting problem. Is this something obvious we are missing or is this a real problem that everyone is facing?

Jay Graham
University of Pittsburgh
jwg () pitt edu
================
--
Jason C. Belford
Information Security Manager
Office of Information Technology
Georgia Institute of Technology
Phone: (404) 894 - 6159