Re: How do you block spoofed communications from HR, Payroll, the President...?

["St-Jean, Daniel" <Daniel_St-Jean () BANFFCENTRE CA>]

Hi -,

One thing we are looking at is prepending all external emails' subject with "[External]: ". While this would not block 
the email, it would become a red flag if an email is spoofing the identify of an internal account.

My understanding is that you can setup a rule on a specific Inbound Connector in Exchange and add a rule to check 
whether the Sender is authenticated or not.

Regards,

[cid:image001.jpg@01D46B75.A0131DA0]

Daniel St-Jean
Senior Systems Analyst, IT/S

Banff Centre for Arts and Creativity
107 Tunnel Mountain Drive
Box 1020, Banff, Alberta
Canada T1L 1H5
Tel: 403.762.6263
banffcentre.ca<https://www.banffcentre.ca/>
Facebook<https://www.facebook.com/BanffCentre> | Twitter<https://twitter.com/BanffCentre> | 
Instagram<https://www.instagram.com/thebanffcentre/> | LinkedIn<https://www.linkedin.com/company/banff-centre>

Banff Centre for Arts and Creativity is located on the lands of Treaty 7 territory. We acknowledge the past, present, 
and future
generations of Stoney Nakoda, Blackfoot, and Tsuut'ina Nations who help us steward this land, as well as honour and 
celebrate
this place.

This message has been sent by an employee of Banff Centre. If you have received this communication in error or do not 
wish to receive
electronic communications from this individual in the future please respond by simply typing 'unsubscribe' in the 
subject line and returning to the sender. Subsequently you will not be contacted without reason.




From: The EDUCAUSE Security Community Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of John R. 
LaPrad
Sent: Wednesday, October 24, 2018 6:54 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] How do you block spoofed communications from HR, Payroll, the President...?

Hello Colleagues, I am wondering what other universities are doing to block emails to users that have spoofed official 
people or offices on campus. Emails claiming to be from HR or Payroll, or the President.  Do you have a way to 
'guarantee' official communications so that end users can easily distinguish between the real and the fake?
We have an Office 365 email environment and also have many third party organizations that send mail, for our, as our, 
domain.
Any all thoughts are welcome

Thank you for your time
John LaPrad - CISSP, CIHE, GIAC/GMON
Information Systems Security Manager
Saginaw Valley State University
7400 Bay Rd. University Center, MI
Phone: 989-964-7134
jrl () svsu edu<mailto:jrl () svsu edu>