Educause Security Discussion mailing list archives
Re: Email policy question
From: Gary Flynn <flynngn () JMU EDU>
Date: Tue, 21 Oct 2008 08:23:05 -0400
Andres Holguin Coral wrote:
Here, at "Los Andes" university we have a problem with our email policy, I don't know if any can help me or know who can help me with the procedure that is doing for this kind of issues: One or two years ago when gmail allowed from the google interface to read an external email account (any account from uniandes.edu.co using pop/imap) and also allowed to reply using @uniandes.edu.co (for example jhondoe () uniandes edu co), we decided to block in our MX servers the mails with the headers containing in the FROM field the string @uniandes.edu.co. This was because we considered that without authentication, anyone in the world could be able to spoof uniandes accounts. Additionally, we also configured separated SMTP servers with TLS authentication for allowing our users to send valid e-mails from outside our campus. However, now our users are requesting to cancel this policy because: - Many research groups are using mailing-lists from outside the University which modify the headers in such way that they appear to be originated from an account with the @uniandes.edu.co domain. - Many users are using gmail and they would like to use it with their @uniandes.edu.co account. Our questions is if you have a similar policy and what measures are taking to deal with this kind of problems.
We've been blocking messages from the outside with @jmu.edu in the SMTP FROM envelope field with exceptions for outsourced mailers. We've been doing this since last April in an attempt to stem the tide of forged malicious messages. I looked into doing it for the FROM field in the content but there are too many people putting false information there. Gmail users commonly use @jmu.edu in the FROM content field. There is another content field called something like apparently-from which contains the actual originating gmail address. Mailing lists also cause a problem. Yahoo actually seems to forge the SMTP FROM envelope field which has caused some problems but we've basically been telling people to put the yahoo address in the from field if mail is being sent from a yahoo account. -- Gary Flynn Security Engineer James Madison University www.jmu.edu/computing/security
Attachment:
smime.p7s
Description: S/MIME Cryptographic Signature
Current thread:
- Email policy question Andres Holguin Coral (Oct 20)
- <Possible follow-ups>
- Re: Email policy question HALL, NATHANIEL D. (Oct 20)
- Re: Email policy question Valdis Kletnieks (Oct 20)
- Re: Email policy question Rizzo, Jim (Oct 20)
- Re: Email policy question Gary Flynn (Oct 21)