Educause Security Discussion mailing list archives
Re: Response to phishing e-mails
From: Andrew Daviel <advax () TRIUMF CA>
Date: Thu, 13 Nov 2014 17:24:24 -0800
On Fri, 31 Oct 2014, Nick Semenkovich wrote:
> What we haven't done is implement DMARC and SPF hard fails. DMARC has its own problems, especially with regards to mailing lists. In my opinion it is a solution that causes more problems than it fixes. SPF hardfail causes similar issues in my opinion.
A little while ago I went through the exercise of upgrading Mailman to be DMARC-aware. As I recall the patch can do a DNS lookup and munge the sender address away from the real one, e.g.
"John Doe via xyzzy list <xyzzy-list () example com>" instead of the original "John Doe <jdoe () yahoo com>" which would be bounced and possibly get him unsubscribed for having a bad address.
I also created a DMARC "none" record, and so get the automated reports from Google, Yahoo, Hotmail etc. - which I really ought to write a handler for instead of just filing them all unread most of the time. I had previously signed up for Hotmail notifications which can be a good alarm for a compromised account (as well as noise from any time someone clicks "this is junk" on a legit email months later).
I just belatedly read all the thread, thanks everyone; I liked the Microsoft paper about the costs of complex passwords etc.
As this is related, I'll just tag it on the end: I just read an interesting paper by Google which was in Techworld yesterday:
http://services.google.com/fh/files/blogs/google_hijacking_study_2014.pdf
That states that over 99% of phishing emails come from .edu domains. It's also an interesting in-depth study of manual phishing. Apparently the attackers quite rapidly access accounts using submitted credentials, then assess the mailbox for banking information, adult photos etc. as well as contact information for further "Help, I've lost all my money to a mugger" scams.
--
Andrew Daviel, TRIUMF, Canada
Tel. +1 (604) 222-7376 (Pacific Time)
Network Security Manager
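An added example, not part of the original post or of any Mailman code: a small handler for the DMARC aggregate reports mentioned above, which totals messages per sending IP and lists the sources that failed DMARC. It assumes the report XML has already been extracted from the mail attachment; the sample report, reporter name and addresses are constructed, and the function names are hypothetical.

```python
import xml.etree.ElementTree as ET
from collections import defaultdict

# Constructed, trimmed sample in the RFC 7489 aggregate report layout.
SAMPLE_REPORT = """<feedback>
  <report_metadata><org_name>reporter.example</org_name></report_metadata>
  <policy_published><domain>example.com</domain><p>none</p></policy_published>
  <record>
    <row><source_ip>192.0.2.10</source_ip><count>40</count>
      <policy_evaluated><dkim>pass</dkim><spf>pass</spf></policy_evaluated></row>
  </record>
  <record>
    <row><source_ip>198.51.100.7</source_ip><count>3</count>
      <policy_evaluated><dkim>fail</dkim><spf>pass</spf></policy_evaluated></row>
  </record>
  <record>
    <row><source_ip>203.0.113.99</source_ip><count>12</count>
      <policy_evaluated><dkim>fail</dkim><spf>fail</spf></policy_evaluated></row>
  </record>
</feedback>"""

def summarize(report_xml):
    """Return (reporter, domain, per-IP pass/fail message counts)."""
    # Reports come from outside parties: cap attachment size before parsing.
    root = ET.fromstring(report_xml)
    reporter = root.findtext("report_metadata/org_name", default="?")
    domain = root.findtext("policy_published/domain", default="?")
    by_ip = defaultdict(lambda: {"pass": 0, "fail": 0})
    for rec in root.iter("record"):
        ev = rec.find("row/policy_evaluated")
        if ev is None:
            continue  # malformed record: skip rather than guess
        count = int(rec.findtext("row/count", default="0"))
        # DMARC passes when either the aligned DKIM or aligned SPF result passes.
        ok = "pass" in (ev.findtext("dkim"), ev.findtext("spf"))
        ip = rec.findtext("row/source_ip", default="?")
        by_ip[ip]["pass" if ok else "fail"] += count
    return reporter, domain, dict(by_ip)

def failing_sources(report_xml):
    """Source IPs whose mail failed DMARC, highest volume first."""
    by_ip = summarize(report_xml)[2]
    bad = [(ip, c["fail"]) for ip, c in by_ip.items() if c["fail"]]
    return sorted(bad, key=lambda t: -t[1])

if __name__ == "__main__":
    print(summarize(SAMPLE_REPORT), failing_sources(SAMPLE_REPORT))
```

A failing source is either a legitimate sender not yet covered by SPF/DKIM (a forwarder or mailing list, for instance) or mail spoofing the domain, so the list is a review queue rather than a block list.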