Educause Security Discussion mailing list archives

Re: Official and Certified Email

From: Mike Porter <mike () UDEL EDU>
Date: Wed, 24 Sep 2008 10:14:57 -0400

On Wed, 24 Sep 2008, Justin St. Onge wrote:

I think email is a lost cause.   RSS maybe?


I don't know.  I am heartened by the fact that no one has fallen for
the latest phish scam here.  I think people need to learn to read
and think.  If something comes in the US mail, you should look and
think before replying; the same goes for email.  People haven't been
brought up thinking that email can be trivially forged and they
don't think.

Mike


Justin St. Onge
Academic Server Administrator/Lab Coordinator
SUNY College at Oneonta - Academic Computer Services
stongejc () oneonta edu

"Look, defenseless babies!"
Fletch


-----Original Message-----
From: The EDUCAUSE Security Constituent Group Listserv
[mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Mclaughlin, Kevin
(mclaugkl)
Sent: Wednesday, September 24, 2008 8:43 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] Official and Certified Email

Hi All:

Has anyone conquered yet how to have (example) their president send out
an email with a link in it and have folks comfortable that it is not a
phishing scheme?   I now have community members ringing our phones off
the hook when United Way, Fine Arts, etc. emails come to them with
instructions to click the link.  I applaud the fact that as a profession
our awareness campaigns are working but am now struggling with the
concept of how to create an official email that everyone who receives it
knows to trust. Certificates, IMO, are not the answer as most people
don't even know what the little certificate icon means, let alone how to
hover over it to see if a message is authentic or not.  Of course, that
could just be a training issue that needs to start at a young age in
order to get people used to looking for a "President's certificate" or a
"Help Desk Certificate", etc.  I suspect though (just a SWAG here on my
part) that we will need to figure out an easier solution.   Any ideas or
thoughts would be greatly appreciated.

-Kevin

Kevin L. McLaughlin
MS,CISM, CISSP, GLSC, PMP, ITIL Manager Certified
Director, Information Security
University of Cincinnati


-
Mike Porter
PGP Fingerprint: F4 AE E1 9F 67 F7 DA EA  2F D2 37 F3 99 ED D1 C2

Current thread:

Official and Certified Email Mclaughlin, Kevin (mclaugkl) (Sep 24)
- <Possible follow-ups>
- Re: Official and Certified Email Ken Connelly (Sep 24)
- Re: Official and Certified Email Justin St. Onge (Sep 24)
- Re: Official and Certified Email Willis Marti (Sep 24)
- Re: Official and Certified Email Mike Porter (Sep 24)
- Re: Official and Certified Email Chris Green (Sep 24)