Re: Email Attachment Blocking

["Miller, Don C." <donm () UIDAHO EDU>]

Steve, it is interesting you ask this.  For about 5 years we have been
blocking exe, js, mdb, com, lnk and a large number of other attachment
types without notifying recipients/senders.  This week we are hoping to
implement an actual notification process to either the sender or
recipient (we scan both incoming and outgoing messages) if they are one
of our domain users.  We use proofpoint appliances for our border e-mail
service.  The reason we have implemented this is the high number of
legitimate use messages being caught, student homework, vendor
communication and patching, etc.  We do not want to turn off this check
as we continue to see malware messages which initially make it through
before the spam or virus engines catch up.  It would be a big hole...

Don Miller
University of Idaho

-----Original Message-----
From: The EDUCAUSE Security Constituent Group Listserv
[mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Steve Brukbacher
Sent: Tuesday, January 27, 2009 1:31 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] Email Attachment Blocking

Hi,
I'm taking an informal survey to see if others are currently blocking
any email attachments at the mail server (or component of your mail
server infrastructure).  If so, which ones?

If yes, does the email simply get dropped or does the sender and/or
recipient receive some sort of notification?

Any comments on how you worked with your user community on this would be
helpful as well.

-- 
Steve Brukbacher, CISSP
University of Wisconsin Milwaukee
Information Security Architect