Educause Security Discussion mailing list archives

Re: Email Attachment Blocking


From: "Miller, Don C." <donm () UIDAHO EDU>
Date: Wed, 28 Jan 2009 15:32:50 -0800

I forgot to mention either the sender or recipient which is a part of
our domain *and* this check is after a spam check.  We have all other
notifications turned on and we know this is a potential area of both
backscatter and self-spamming.  Unfortunately we have had too many cases
of just missing messages over the years. :(  We still want the
protection with the customer friendly notice.

Don

-----Original Message-----
From: The EDUCAUSE Security Constituent Group Listserv
[mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Valdis Kletnieks
Sent: Wednesday, January 28, 2009 1:52 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] Email Attachment Blocking

On Tue, 27 Jan 2009 15:21:54 PST, "Miller, Don C." said:
> Steve, it is interesting you ask this.  For about 5 years we have been
> blocking exe, js, mdb, com, lnk and a large number of other attachment
> types without notifying recipients/senders.  This week we are hoping to
> implement an actual notification process to either the sender or
> recipient

You may want to do a quick check that you don't spam notifications out to
a joe-jobbed sender - sending a "We blocked an attachment from you" to
a 3rd party who didn't actually *send* an attachment is a good way to end
up in a lot of people's spam filters.

http://spamlinks.net/prevent-secure-backscatter.htm

Note the discussion in the 'Preventing backscatter' section - you really
need to do reject-during-SMTP, trying to send a bounce after you've accepted
the mail is basically doomed to fail.

(It's amazing how many sites are *still* getting this wrong, which is why
I'm posting to the list)
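
The reject-during-SMTP approach discussed in this thread, as an added example that is not part of either poster's message: the attachment check runs at end-of-DATA and answers with a 5xx instead of accepting the mail and bouncing it later, and only recipients in the local domain are notified. The domain `example.edu`, the function names and the `is_spam` flag (the result of the earlier spam check) are assumptions.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage

BLOCKED_EXTS = {"exe", "js", "mdb", "com", "lnk"}  # types named in the thread
LOCAL_DOMAIN = "example.edu"                        # assumption: our own domain

def blocked_attachments(raw):
    """Return filenames of MIME parts whose extension is on the block list."""
    msg = message_from_bytes(raw, policy=policy.default)
    hits = []
    for part in msg.walk():
        name = part.get_filename()
        if name and "." in name:
            if name.rsplit(".", 1)[1].strip().lower() in BLOCKED_EXTS:
                hits.append(name)
    return hits

def end_of_data_decision(raw, rcpt_to, is_spam):
    """Decide the reply to the client's end-of-DATA, before accepting the mail.

    Returns (smtp_reply, local_notices). The envelope sender is never mailed:
    a real sender sees the 5xx through their own server, and a forged
    (joe-jobbed) address receives nothing from us.
    """
    if is_spam:  # the spam check runs first, as in the thread
        return "550 5.7.1 Message rejected as spam", []
    bad = blocked_attachments(raw)
    if not bad:
        return "250 2.0.0 OK", []
    # Only recipients in our own domain get the friendly notice.
    notices = [r for r in rcpt_to if r.lower().endswith("@" + LOCAL_DOMAIN)]
    return "550 5.7.1 Attachment type not accepted: " + ", ".join(bad), notices

def build_sample(filename):
    """Constructed sample message with one attachment (not real traffic)."""
    m = EmailMessage()
    m["From"] = "forged-victim@example.org"
    m["To"] = "staff@example.edu"
    m["Subject"] = "constructed sample"
    m.set_content("see attached")
    m.add_attachment(b"MZ", maintype="application",
                     subtype="octet-stream", filename=filename)
    return m.as_bytes()

if __name__ == "__main__":
    print(end_of_data_decision(build_sample("Invoice.EXE"),
                               ["staff@example.edu"], is_spam=False))
```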
