Educause Security Discussion mailing list archives
Re: Compromise Email Accounts
From: Roger Safian <r-safian () NORTHWESTERN EDU>
Date: Wed, 21 Jan 2009 13:01:44 -0600
At 11:05 AM 1/21/2009, Zach Jansen put fingers to keyboard and wrote:
Prevention ----------You might consider automated methods for dropping/blocking email from anyone who sends more than a few hundred messages at a time.
We have been working with this idea for a month or so. I had high hopes, but, they have been totally dashed. We still use the work, right now if anyone sends more than 100 messages in any hour long window, we get notified with the from address, subject, and a statistical breakdown of the domains being sent to. For the most part, these show legitimate traffic. Sharing of research data, departmental announcements, etc. They do also pull those who fall for the phishing, and it's not that difficult to separate that legitimate mail from the bogus, so we continue to use it. I don't think it would be safe to automate this check, based solely on the number of messages being sent. -- Roger A. Safian r-safian () northwestern edu (email) public key available on many key servers. (847) 491-4058 (voice) (847) 467-6500 (Fax) "You're never too old to have a great childhood!"
Current thread:
- Compromise Email Accounts Richard Miller (Jan 21)
- <Possible follow-ups>
- Re: Compromise Email Accounts Mike Iglesias (Jan 21)
- Re: Compromise Email Accounts Jesse Thompson (Jan 21)
- Re: Compromise Email Accounts Jesse Thompson (Jan 21)
- Re: Compromise Email Accounts Zach Jansen (Jan 21)
- Re: Compromise Email Accounts Roger Safian (Jan 21)
- Re: Compromise Email Accounts Mike Porter (Jan 21)
- Re: Compromise Email Accounts Schumacher, Adam J (Jan 21)
- Re: Compromise Email Accounts Jesse Thompson (Jan 21)
- Re: Compromise Email Accounts Russell Fulton (Jan 29)
- Re: Compromise Email Accounts Sabo, Eric (Jan 29)
- Re: Compromise Email Accounts Joe Vieira (Jan 30)
- Re: Compromise Email Accounts Russell Fulton (Feb 02)
- Re: Compromise Email Accounts Daniel Bennett (Feb 03)
- Re: Compromise Email Accounts Steven Tardy (Feb 03)
- Re: Compromise Email Accounts Jeremy Mooney (Feb 03)
(Thread continues...)