Educause Security Discussion mailing list archives
Re: Transport rule to put a header on external email
From: Erik D Evans <evanse () BGSU EDU>
Date: Thu, 9 May 2019 17:35:43 +0000
We piloted prepending [EXTERNAL] to the subject, as well as variations of warnings either prepended or appended to the body of messages. Ultimately, we ended up only doing the subject prepend due to feedback we received during the pilot. In the beginning of April we implemented this for all users. Yes, we are whitelisting all 3rd parties that send on our behalf. After quite a bit of concern from faculty prior to implementation we have received very few complaints post implementation. Still monitoring how this is impacting compromises but we have definitely noticed an increase in awareness since implementing this. _______________________ Erik Evans Manager of Information Security Information Technology Services Bowling Green State University evanse () bgsu edu<mailto:evanse () bgsu edu> http://www.bgsu.edu/infosec This e-mail, including any attachments, may contain information that is protected by law as privileged and confidential, and is transmitted for the sole use of the intended recipient. If you are not the intended recipient, you are hereby notified that any use, dissemination, copying or retention of this e-mail or the information contained herein is strictly prohibited. From: The EDUCAUSE Security Community Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU> On Behalf Of Mandi Witkovsky Sent: Tuesday, May 7, 2019 9:40 AM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: [EXTERNAL] [SECURITY] Transport rule to put a header on external email For those who have a rule set up to add a header to incoming external email, have you seen a decrease in security events, or a corresponding increase in awareness? Did you whitelist any 3rd parties that send on your behalf so that the header doesn't appear? Have you seen any pushback from people? Thoughts on adding a header vs prepending "EXTERNAL" or some such in the subject line? We're looking into adding this, and I wondered what experience you all have had. Thanks, mandi
Current thread:
- Transport rule to put a header on external email Mandi Witkovsky (May 07)
- Re: Transport rule to put a header on external email Madl, Michael (May 07)
- Re: Transport rule to put a header on external email Frank Barton (May 07)
- Message not available
- Re: Transport rule to put a header on external email Coller, Jon (May 07)
- Re: Transport rule to put a header on external email Frank Barton (May 07)
- Re: Transport rule to put a header on external email Madl, Michael (May 07)
- Re: Transport rule to put a header on external email Thomas Carter (May 07)
- Re: Transport rule to put a header on external email Erik D Evans (May 09)
- Re: [External] Re: [SECURITY] Transport rule to put a header on external email Gregg, Christopher S. (May 09)