Educause Security Discussion mailing list archives
Re: Compromise Email Accounts
From: Mike Iglesias <iglesias () UCI EDU>
Date: Wed, 21 Jan 2009 07:52:43 -0800
Richard Miller wrote:
- Do you allow students to use IMAP/POP/SMTP or are they required to use a web interface (this can potentially reduce the scope of attacks)?
The vast majority of our spamming incidents have been through our webmail system (Squirrelmail). I can't recall any spamming incidents thru mail clients. It looks like the spammers have some kind of automated system setup to send mail thru the Squirrelmail interface. Most of the incidents originated in Nigeria. We use MailScanner and Spamassassin with some custom rules to catch most of the phishing email coming in to campus, and anything that is detected as phishing is quarantined until it is looked at. Obviously, radical changes in the phishing text can get thru, but we are working on other rules to catch typical phishing phrases rather than specific text. We also monitor the Squirrelmail logs for suspicious activity and have been somewhat successful in catching spamming runs shortly after they start. -- Mike Iglesias Email: iglesias () uci edu University of California, Irvine phone: 949-824-6926 Network & Academic Computing Services FAX: 949-824-2270
Current thread:
- Compromise Email Accounts Richard Miller (Jan 21)
- <Possible follow-ups>
- Re: Compromise Email Accounts Mike Iglesias (Jan 21)
- Re: Compromise Email Accounts Jesse Thompson (Jan 21)
- Re: Compromise Email Accounts Jesse Thompson (Jan 21)
- Re: Compromise Email Accounts Zach Jansen (Jan 21)
- Re: Compromise Email Accounts Roger Safian (Jan 21)
- Re: Compromise Email Accounts Mike Porter (Jan 21)
- Re: Compromise Email Accounts Schumacher, Adam J (Jan 21)
- Re: Compromise Email Accounts Jesse Thompson (Jan 21)
- Re: Compromise Email Accounts Russell Fulton (Jan 29)
- Re: Compromise Email Accounts Sabo, Eric (Jan 29)
- Re: Compromise Email Accounts Joe Vieira (Jan 30)
(Thread continues...)