Educause Security Discussion mailing list archives
Re: Email blacklists blocking campus mail servers
From: Harry Hoffman <hhoffman () IP-SOLUTIONS NET>
Date: Thu, 4 Apr 2013 12:57:04 -0400
Hi John, Lots of us have scripts in place to identify compromised accounts by the frequency and volume at which mail is being sent. Once a account meets that threshold you can take some action: reject mail, change password, etc. Blacklisting usually doesn't happen on "occasional" spam run with very low volume. You'll need to implement the same thing in any webmail offerings. Reach out to the service that blacklisted you and work with them to get un-blacklisted (or is it de-blacklisted.. I never know). If you use something like Nagios there's a plugin to check various blacklist feeds and report/alert if a specific ip address is on the blaclist. Implement this or something similiar so you know ASAP. Cheers, Harry On 04/04/2013 12:40 PM, John Bambenek wrote:
I was wondering how many people had experience with this type of incident where you campus mail servers got listed in email blacklists for compromised accounts sending out spam. How did you mitigate the problem once identified? j
Current thread:
- Email blacklists blocking campus mail servers John Bambenek (Apr 04)
- Re: Email blacklists blocking campus mail servers Rich Graves (Apr 04)
- Re: Email blacklists blocking campus mail servers Harry Hoffman (Apr 04)
- Re: Email blacklists blocking campus mail servers Michael J. Kenney (Apr 08)