Educause Security Discussion mailing list archives
Re: Filtering outgoing email [MESSAGE NOT SCANNED]
From: "Irish, Adrian L" <Adrian.Irish () MSO UMT EDU>
Date: Tue, 23 Jun 2009 15:45:53 -0600
Brady, we filter incoming and outgoing using the google list mentioned previously. What happens is that the phish makes it through the incoming filter, but is then subsequently detected, the return address is added to the list, and most, if not all, of the responses are blocked (in our case, we quarantine them). When we first started this, I thought that would be a rare occurrence, but it turns out that it happens quite often. We also scan our smtp logs (again, using the google list) and flag responses to phishes that made it out. I then contact those individuals to find out if they actually gave up their password. Adrian Irish IT Security Officer The University of Montana SS 126D Missoula, MT 59812 (406) 243-6375 adrian.irish () umontana edu
-----Original Message----- From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of McClenon, Braden Sent: Tuesday, June 23, 2009 1:13 PM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: Re: [SECURITY] Filtering outgoing email [MESSAGE NOT SCANNED] Just out of curiosity, since I've considered proposing outbound scanning with our Barracuda. If the phishing message got through the Barracuda when coming inbound, what makes you feel confident it will catch it, or a reply to it, outbound? This is why I always figured we'd need a different solution to monitor outbound traffic. Brady McClenon Senior Server Administrator SUNY Oneonta 607-436-3203-----Original Message----- From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Charles Seitz Sent: Tuesday, June 23, 2009 12:00 PM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: Re: [SECURITY] Filtering outgoing email [MESSAGE NOTSCANNED]We use a Barracuda appliance for both incoming and outgoing email. On the outgoing side it looks for scams, bulk mail, and malware. It alsoscansthe text of each message looking for SSN's and blocks those and alertsthehelpdesk so that they may take corrective action with the user.Repeatoffenders get a pleasant call from me. I don't know that I'd callthisan inexpensive solution, but it has been quite effective and reliable - far more reliable than their web content filter. Charles A. Seitz Senior Security Analyst University of Tennessee Information Security Office Martin Campus cseitz () tennessee edu (731) 881-7966 On 6/23/09 7:00 AM, "Kellogg, Brian D." <bkellogg () SBU EDU> wrote:We've been the victim of a phishing scam that made it through our incoming spam filter. The phisher used the compromised accounts tosendspam via Outlook Web Access. Just wondering whatinexpensive/reliablemethods others are using to filter outbound email and catch anyaccountsshowing a huge volume of outbound spam. Thanks... Thank you, Brian Kellogg Network Services Manager St. Bonaventure University 716-375-4092
Current thread:
- Re: Filtering outgoing email [MESSAGE NOT SCANNED] McClenon, Braden (Jun 23)
- <Possible follow-ups>
- Re: Filtering outgoing email [MESSAGE NOT SCANNED] Irish, Adrian L (Jun 23)
- Re: Filtering outgoing email [MESSAGE NOT SCANNED] Zach Jansen (Jun 24)