Educause Security Discussion mailing list archives

Previous By Date Next
Previous By Thread Next

Re:

From: Joel Rosenblatt <joel () COLUMBIA EDU>
Date: Wed, 15 Jun 2005 19:24:27 -0400
Our policy is meant to cover the situation where someone tries to spoof
their address using our email system to send a message from one user to
another.  We do not block email from an external email service that uses
screen names or other aliases to identify their users.

Joel

--On Wednesday, June 15, 2005 10:41 AM -0500 Dick Jacobson
<Dick.Jacobson () NDSU NODAK EDU> wrote:


On Wed, 15 Jun 2005, Joel Rosenblatt wrote:

Several of the policies cited in this discussion indicate that you may
not  allow mail into your system from Hotmail or Yahoo or anyplace else
that  allows non-name-based ids and/or do not know who their clients are.

That may be a stretch but I believe that is the question being asked.


Our network use policy:

<http://www.columbia.edu/cu/policy/network_use.html>

Has the following section:

22. All messages must show accurately from where and from whom the
message  originated, except in the rare, specific cases where anonymous
messages are  invited.

Joel Rosenblatt

Joel Rosenblatt, Senior Security Officer & Windows Specialist, AcIS
Columbia University, 612 W 115th Street, NY, NY 10025 / 212 854 3033
http://www.columbia.edu/~joel

--On Wednesday, June 15, 2005 8:28 AM -0400 Gary Flynn <flynngn () JMU EDU>
wrote:

> Theresa Semmens wrote:
>> We're looking at the possibility of providing in a policy that it
>> would be an acceptable use violation to misrepresent who one is when
>> communicating with a university official; particularly as it applies
>> to employees.
>>
>> This is to get at the situation where someone uses an alias to
>> communicate on a work related matter to someone else.
>>
>> I'm wondering if any of you have such a restriction in place, or could
>> point me to a policy with such a restriction. Any advice or
>> suggestions would be helpful.
>
>
> Our AUP has the following language:
>
> "# Not use university resources or computers attached to
>   the university network to falsify identity, for example by:
>
>      * Providing "pass through" service
>      * Sending electronic mail under forged headers"
>
> By strict interpretation, if an external computer
> is used to send a forged message through the JMU
> network and/or to a JMU account, that is use of
> university resources.
>
>
> http://www.jmu.edu/JMUpolicy/1207.shtml
>
>
>
> --
> Gary Flynn
> Security Engineer
> James Madison University



Joel Rosenblatt, Senior Security Officer & Windows Specialist, AcIS
Columbia University, 612 W 115th Street, NY, NY 10025 / 212 854 3033
http://www.columbia.edu/~joel




--

----------------------------------------------------------------------- 
Dick Jacobson                   e-mail : Dick.Jacobson () ndus NoDak edu
ND HECN MultiUser Host SysAd    office : IACC 206, NDSU
NDUS IT Security Officer        phone  : 701-231-7385
----------------------------------------------------------------------- 




Joel Rosenblatt, Senior Security Officer & Windows Specialist, AcIS
Columbia University, 612 W 115th Street, NY, NY 10025 / 212 854 3033
http://www.columbia.edu/~joel
Previous By Date Next
Previous By Thread Next

Current thread: