Educause Security Discussion mailing list archives

Re: Email Attachment Blocking


From: Valdis Kletnieks <Valdis.Kletnieks () VT EDU>
Date: Wed, 28 Jan 2009 16:51:30 -0500

On Tue, 27 Jan 2009 15:21:54 PST, "Miller, Don C." said:
> Steve, it is interesting you ask this.  For about 5 years we have been
> blocking exe, js, mdb, com, lnk and a large number of other attachment
> types without notifying recipients/senders.  This week we are hoping to
> implement an actual notification process to either the sender or
> recipient

You may want to do a quick check that you don't spam notifications out to
a joe-jobbed sender - sending a "We blocked an attachment from you" to
a 3rd party who didn't actually *send* an attachment is a good way to end
up in a lot of people's spam filters.

http://spamlinks.net/prevent-secure-backscatter.htm

Note the discussion in the 'Preventing backscatter' section - you really
need to do reject-during-SMTP, trying to send a bounce after you've accepted
the mail is basically doomed to fail.

(It's amazing how many sites are *still* getting this wrong, which is why
I'm posting to the list)
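
An added example, not part of the original post: a sketch of the reject-during-SMTP approach, in which the attachment check runs at end of DATA and the verdict is the SMTP reply itself, so no notification is ever mailed to the envelope sender. The function names, reply text and sample messages are assumptions; the extension list is only the subset named in the quoted message.

```python
import email
from email import policy
from email.message import EmailMessage

# Subset of extensions named in the quoted message; a real list is longer.
BLOCKED_EXTENSIONS = {"exe", "js", "mdb", "com", "lnk"}


def blocked_attachments(raw_message: bytes) -> list:
    """Return filenames of MIME parts whose extension is on the block list."""
    msg = email.message_from_bytes(raw_message, policy=policy.default)
    hits = []
    for part in msg.walk():  # walk() also descends into nested multiparts
        name = part.get_filename()  # Content-Disposition filename or Content-Type name
        if not name:
            continue
        # Ignore trailing dots/spaces so "a.exe." is treated like "a.exe".
        _, dot, ext = name.strip().rstrip(". ").rpartition(".")
        if dot and ext.lower() in BLOCKED_EXTENSIONS:
            hits.append(name)
    return hits


def end_of_data_reply(raw_message: bytes) -> str:
    """Reply to give after the client's end-of-DATA line, before accepting."""
    if blocked_attachments(raw_message):
        # A 5xx here leaves the connecting client responsible for the failure.
        # The receiving site never generates a bounce to the (possibly forged)
        # envelope sender, so a joe-jobbed third party hears nothing.
        return "550 5.7.1 Message rejected: blocked attachment type"
    return "250 2.0.0 OK"


def sample_message(filename: str) -> bytes:
    """Constructed sample: one text body plus one small attachment."""
    m = EmailMessage()
    m["From"] = "forged-sender@example.org"
    m["To"] = "user@example.edu"
    m["Subject"] = "constructed sample"
    m.set_content("see attached")
    m.add_attachment(b"MZ", maintype="application",
                     subtype="octet-stream", filename=filename)
    return m.as_bytes()


if __name__ == "__main__":
    for fn in ("invoice.EXE", "notes.txt", "report.pdf.lnk"):
        print(fn, "->", end_of_data_reply(sample_message(fn)))
```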
