Re: Filtering outgoing email [MESSAGE NOT SCANNED]

["Irish, Adrian L" <Adrian.Irish () MSO UMT EDU>]

Brady, we filter incoming and outgoing using the google list mentioned previously.  What happens is that the phish 
makes it through the incoming filter, but is then subsequently detected, the return address is added to the list, and 
most, if not all, of the responses are blocked (in our case, we quarantine them).  When we first started this, I 
thought that would be a rare occurrence, but it turns out that it happens quite often.

We also scan our smtp logs (again, using the google list) and flag responses to phishes that made it out.  I then 
contact those individuals to find out if they actually gave up their password.

Adrian Irish
IT Security Officer
The University of Montana
SS 126D
Missoula, MT 59812
(406) 243-6375
 
adrian.irish () umontana edu

> -----Original Message-----
> From: The EDUCAUSE Security Constituent Group Listserv
> [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of McClenon, Braden
> Sent: Tuesday, June 23, 2009 1:13 PM
> To: SECURITY () LISTSERV EDUCAUSE EDU
> Subject: Re: [SECURITY] Filtering outgoing email [MESSAGE NOT SCANNED]
>
> Just out of curiosity, since I've considered proposing outbound
> scanning
> with our Barracuda.  If the phishing message got through the Barracuda
> when coming inbound, what makes you feel confident it will catch it, or
> a reply to it, outbound?  This is why I always figured we'd need a
> different solution to monitor outbound traffic.
>
> Brady McClenon
> Senior Server Administrator
> SUNY Oneonta
> 607-436-3203
>
>
> > -----Original Message-----
> > From: The EDUCAUSE Security Constituent Group Listserv
> > [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Charles Seitz
> > Sent: Tuesday, June 23, 2009 12:00 PM
> > To: SECURITY () LISTSERV EDUCAUSE EDU
> > Subject: Re: [SECURITY] Filtering outgoing email [MESSAGE NOT
> SCANNED]
> > We use a Barracuda appliance for both incoming and outgoing email. On
> > the
> > outgoing side it looks for scams, bulk mail, and malware. It also
> scans
> > the
> > text of each message looking for SSN's and blocks those and alerts
> the
> > helpdesk so that they may take corrective action with the user.
> Repeat
> > offenders get a pleasant call from me. I don't know that I'd call
> this
> > an
> > inexpensive solution, but it has been quite effective and reliable -
> > far
> > more reliable than their web content filter.
> >
> >
> >
> > Charles A. Seitz
> > Senior Security Analyst
> > University of Tennessee Information Security Office
> > Martin Campus
> > cseitz () tennessee edu
> > (731) 881-7966
> >
> >
> >
> > On 6/23/09 7:00 AM, "Kellogg, Brian D." <bkellogg () SBU EDU> wrote:
> >
> > > We've been the victim of a phishing scam that made it through our
> > > incoming spam filter.  The phisher used the compromised accounts to
> > send
> > > spam via Outlook Web Access.  Just wondering what
> > inexpensive/reliable
> > > methods others are using to filter outbound email and catch any
> > accounts
> > > showing a huge volume of outbound spam.  Thanks...
> > >
> > >
> > >
> > > Thank you,
> > >
> > > Brian Kellogg
> > > Network Services Manager
> > > St. Bonaventure University
> > > 716-375-4092