Educause Security Discussion mailing list archives
Re: Filtering outgoing email
From: "Irish, Adrian L" <Adrian.Irish () MSO UMT EDU>
Date: Tue, 23 Jun 2009 16:04:38 -0600
We're also filtering using this list, but for the outgoing filter, we quarantine the messages and I verify each and every one of them. When I see messages in which the person gave up their credentials, they get some "one on one" training from my office. One word of caution about using this list. Legitimate e-mail addresses do wind up on this list (not just hotmail or live.com addresses). We recently had an incident in which an nih.gov address ended up on the list. I detected the issue when one of our research faculty's messages to that person started showing up in the quarantine. I was able to talk to the person at NIH and verify that their account had been secured, and we then removed the address from the list, but if we had not been quarantining and checking the messages, it would have taken much longer to detect that problem (and we would have ended up with a very angry faculty member). Adrian Irish IT Security Officer The University of Montana SS 126D Missoula, MT 59812 (406) 243-6375 adrian.irish () umontana edu
-----Original Message----- From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Joe Vieira Sent: Tuesday, June 23, 2009 10:04 AM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: Re: [SECURITY] Filtering outgoing email We've had good luck with it. Anytime we see a address that isn't in the list we add it and so do tons of other folks. It really does't do anything to slow our mail down... just a big ol' postfix map. postfix is super fast. antivirus scanning is the limiting factor in mail delivery usually. If you environment is already at capacity then you might have issues, but other than that i doubt you would see any issues. Joe Roger Safian wrote:At 09:46 AM 6/23/2009, Joe Vieira put fingers to keyboard and wrote:the first of which is http://code.google.com/p/anti-phishing-email-reply/ the use of this.Weloop outgoing mail thru another postfix instance to filter based off this project's list of phishing reply addresses. If you mail to aknownphisher, your mail gets dropped. good protection.Any idea what the impact of using this has on the timeliness of mail delivery? With phishers being able to choose almost any returnaddress,this seems like a galactic scale game of whack a moll. ;-) I worry that our servers couldn't handle the additional load.
Current thread:
- Re: Filtering outgoing email, (continued)
- Re: Filtering outgoing email Gregg, Christopher S. (Jun 23)
- Re: Filtering outgoing email Joe Vieira (Jun 23)
- Re: Filtering outgoing email HALL, NATHANIEL D. (Jun 23)
- Re: Filtering outgoing email Gary Flynn (Jun 23)
- Re: Filtering outgoing email Roger Safian (Jun 23)
- Re: Filtering outgoing email Charles Seitz (Jun 23)
- Re: Filtering outgoing email Joe Vieira (Jun 23)
- Re: Filtering outgoing email Jeremy Mooney (Jun 23)
- Re: Filtering outgoing email Roger Safian (Jun 23)
- Re: Filtering outgoing email Roger Safian (Jun 23)
- Re: Filtering outgoing email Irish, Adrian L (Jun 23)
- Re: Filtering outgoing email Jesse Thompson (Jun 24)
- Re: Filtering outgoing email Todd Clementz (Jun 24)