Educause Security Discussion mailing list archives
Re: Email Attachment Blocking
From: Valdis Kletnieks <Valdis.Kletnieks () VT EDU>
Date: Wed, 28 Jan 2009 16:51:30 -0500
On Tue, 27 Jan 2009 15:21:54 PST, "Miller, Don C." said:
Steve, it is interesting you ask this. For about 5 years we have been blocking exe, js, mdb, com, lnk and a large number of other attachment types without notifying recipients/senders. This week we are hoping to implement an actual notification process to either the sender or recipient
You may want to do a quick check that you don't spam notifications out to a joe-jobbed sender - sending a "We blocked an attachment from you" to a 3rd party who didn't actually *send* an attachment is a good way to end up in a lot of people's spam filters. http://spamlinks.net/prevent-secure-backscatter.htm Note the discussion in the 'Preventing backscatter' section - you really need to do reject-during-SMTP, trying to send a bounce after you've accepted the mail is basically doomed to fail. (It's amazing how many sites are *still* getting this wrong, which is why I'm posting to the list)
Attachment:
_bin
Description:
Current thread:
- Re: Email Attachment Blocking, (continued)
- Re: Email Attachment Blocking Ken Connelly (Jan 27)
- Re: Email Attachment Blocking Sweeny, Jonny (Jan 27)
- Re: Email Attachment Blocking Adam Nave (Jan 27)
- Re: Email Attachment Blocking Kieper, David (Jan 27)
- Re: Email Attachment Blocking Bob Bayn (Jan 27)
- Re: Email Attachment Blocking Miller, Don C. (Jan 27)
- Re: Email Attachment Blocking Joel Rosenblatt (Jan 27)
- Re: Email Attachment Blocking Vuong Phung (Jan 28)
- Re: Email Attachment Blocking Jason C. Belford (Jan 28)
- Re: Email Attachment Blocking Jesse Thompson (Jan 28)
- Re: Email Attachment Blocking Valdis Kletnieks (Jan 28)
- Re: Email Attachment Blocking Miller, Don C. (Jan 28)
- Re: Email Attachment Blocking Jesse Thompson (Jan 29)