Re: SECURITY Digest - 27 Apr 2005 to 28 Apr 2005 (#2005-76)

[Don Murdoch <dmurdoch () ODU EDU>]

W/ respect to the AOL "you are a spam site" thread, we here at ODU
occasionally get these types of messages. What we have found in talking
with another large email source in town is that many of the large ISP type
organizations count the volume of mail received in a short period of time,
the number of unique destination addresses, and the frequency of source
email addresses sending to multiple recipients. The impact on a University
is that our daily student email messages that goes out once a night and
then get re forwarded by the student to several large ISP type
organizations “look like spam”.

We are seeing more and more people from Earthlink’s anti spam staff that
don’t have quite the savvy at reading email headers, and misidentify auto
forwards as UCE.

There are several mitigations to being misidentified as a spam source AOL’s
site:

http://postmaster.aol.com/guidelines/bestprac.html

We recently added soft SPF filters to our DNS, and only allow outbound SMTP
from known messaging servers. We have an internal authenticated relay on
campus. The last two items have cut down our work on investigations of spam
from 3 – 5 a day to 1 – 2 per month, which invariably turn out to be
genuine spam and an unnecessary expenditure of resources.

- djm -
********************************************************
Don Murdoch, CISSP
Information Systems Security Officer
SANS: GCFW, GSEC, GCWN, GCUX, GCIH, GCIA
Microsoft: MCSD, MCSE (NT/2K)
Tel: 757-683-4580    Office of Computing and Communications Services
Fax: 757-683-5155    Old Dominion University - Norfolk, Virginia
This signature block is not a digital signature under UETA.  If you
received this message in error, inform the sender and delete it.
Information in this email may containt private or other protected data.