Educause Security Discussion mailing list archives

Re: Email Forwarding

From: Joel Rosenblatt <joel () COLUMBIA EDU>
Date: Fri, 18 Feb 2011 12:40:32 -0500

We support email forwarding on demand as a self service function.

Our email forwarding occurs after our spam filtering, which I would highly recommend as a good thing :-)

As far as "locally generated" spam, our policy is that all official communication from the University will come from and be sent to the University suppliedemail address - not reading your university email is not an excuse for not knowing something.

I have gotten requests to get off University email lists (for example, an email sent do all employees from HR about a HR issue) - my response to those is getanother job - if you work for the University, you will get email from the University.


My 2 cents

Joel Rosenblatt

Joel Rosenblatt, Manager Network & Computer Security
Columbia Information Security Office (CISO)
Columbia University, 612 W 115th Street, NY, NY 10025 / 212 854 3033
http://www.columbia.edu/~joel
Public PGP key
http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x90BD740BCC7326C3



--On Friday, February 18, 2011 8:04 AM -0800 Joe St Sauver <joe () OREGON UOREGON EDU> wrote:

Geoffrey mentioned:

# At Wayne State we do allow forwarding, and this has indeed caused us grief on
# occasion, but it's unlikely we'll turn it off any time soon. I maintain a blog
# on internal IT-related things, and suggested, a few months ago, that we forbid
# forwarding. You can  read the comments--they are instructive:
#
# http://blogs.wayne.edu/proftech/2010/are-you-part-of-the-problem/

Looking at that article and comments, I'm seeing two key themes, I think:

-- forwarding was causing problems for Wayne State because forwarding
   was happening pre-filtering, and when spam was forwarded to third
   party providers, and then reported by users, it was "charged" against
   Wayne State, even though all you did was dutifully forward the user's
   mail as they'd asked you to do

-- some users preferred third party accounts because of things like
   excessive amounts of "intra-spam" to which they'd been involuntarily
   subscribed

We dealt with the first issue in part here at UO by offering users the
ability to forward AFTER spam filtering had happened (e.g., via
procmail rather than via a traditional .forward file). That approach
really knocks forwarded spam down to trivial levels, assuming you have
an effective filtering solution in place.

The second issue, intra-spam, is one that each site needs to wrestle
with themselves, but I think policies that mandate either (a) confirmed
opt-in lists only, or (b) approval by a designated very senior person
(for rare involuntary everyone-gets-this-one-whether-they-want-it-or-not
mailings) can do a lot to eliminate issues with unwanted intra-spam.

Regards,

Joe

Disclaimer: all opinions strictly my own




Joel Rosenblatt, Manager Network & Computer Security
Columbia Information Security Office (CISO)
Columbia University, 612 W 115th Street, NY, NY 10025 / 212 854 3033
http://www.columbia.edu/~joel
Public PGP key
http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x90BD740BCC7326C3

Current thread:

Email Forwarding Shamblin, Quinn (Feb 17)
- Re: Email Forwarding Mclaughlin, Kevin (mclaugkl) (Feb 17)
  - Re: Email Forwarding Shamblin, Quinn (Feb 17)
- Re: Email Forwarding Theresa Rowe (Feb 23)
- <Possible follow-ups>
- Re: Email Forwarding Joe St Sauver (Feb 17)
  - Re: Email Forwarding Shamblin, Quinn (Feb 17)
- Re: Email Forwarding Geoffrey Steven Nathan (Feb 18)
- Re: Email Forwarding Joe St Sauver (Feb 18)
  - Re: Email Forwarding Joel Rosenblatt (Feb 18)
- Re: Email Forwarding Geoffrey Steven Nathan (Feb 19)
- Re: Email Forwarding Volz, Donald D (Feb 19)
  - Re: Email Forwarding David Grisham (Feb 19)
  - Re: Email Forwarding Joel Rosenblatt (Feb 19)
    - Re: Email Forwarding Mclaughlin, Kevin (mclaugkl) (Feb 19)
    - Re: Email Forwarding Joel Rosenblatt (Feb 19)
    - Re: Email Forwarding Mclaughlin, Kevin (mclaugkl) (Feb 19)