Educause Security Discussion mailing list archives
Re: Email blacklists blocking campus mail servers
From: "Michael J. Kenney" <m.kenney () USCIENCES EDU>
Date: Mon, 8 Apr 2013 11:06:22 -0400
Hi John,

If funding permits, you might want to look into a cloud-based anti-spam solution to direct your outbound mail through. This way, if an account is compromised, your email servers are never blacklisted. The vendor will give you a warning regarding the offending account. However, you should put some checks into place, as Harry stated below, in order to stop the compromised account before getting a warning. We use Postini, but there are several other good options out there such as ProofPoint and EdgeWave.

Thanks,
Michael

--
Michael Kenney
Information Security Officer
IT Department
University of the Sciences
600 S. 43rd St.
Philadelphia, PA 19104
215-596-7403 Office
m.kenney () usciences edu | www.usciences.edu
USciences: Where healthcare and science converge

-----Original Message-----
From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Harry Hoffman
Sent: Thursday, April 04, 2013 12:57 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] Email blacklists blocking campus mail servers

Hi John,

Lots of us have scripts in place to identify compromised accounts by the frequency and volume at which mail is being sent. Once an account meets that threshold you can take some action: reject mail, change password, etc. Blacklisting usually doesn't happen on an "occasional" spam run with very low volume.

You'll need to implement the same thing in any webmail offerings.

Reach out to the service that blacklisted you and work with them to get un-blacklisted (or is it de-blacklisted... I never know).

If you use something like Nagios there's a plugin to check various blacklist feeds and report/alert if a specific IP address is on the blacklist. Implement this or something similar so you know ASAP.

Cheers,
Harry

On 04/04/2013 12:40 PM, John Bambenek wrote:
I was wondering how many people had experience with this type of incident where your campus mail servers got listed in email blacklists for compromised accounts sending out spam. How did you mitigate the problem once identified?

j
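
Added example (not part of any list member's message, and not anyone's production script): a small version of the per-account frequency/volume check Harry Hoffman describes, run over constructed, simplified Postfix-style submission log lines. The 10-minute window, the threshold of 5 messages, the log layout and all function names are assumptions for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

WINDOW = timedelta(minutes=10)   # assumed sliding window
MAX_MSGS = 5                     # assumed per-account limit inside the window

def _line(ts, user):
    # Constructed, simplified Postfix-style authenticated-submission line.
    return (f"{ts.isoformat()} mx1 postfix/smtpd[811]: 4F2A1: "
            f"client=host[192.0.2.10], sasl_method=PLAIN, sasl_username={user}")

T0 = datetime(2013, 4, 4, 12, 0, 0)
# Constructed sample: alice and carol send slowly, bob bursts 8 messages in 2 minutes.
SAMPLE_LOG = "\n".join(sorted(
    [_line(T0 + timedelta(minutes=20 * i), "alice") for i in range(3)]
    + [_line(T0 + timedelta(minutes=12 * i), "carol") for i in range(6)]
    + [_line(T0 + timedelta(minutes=30, seconds=15 * i), "bob") for i in range(8)]
))

LINE_RE = re.compile(
    r"^(\S+) \S+ postfix/smtpd\[\d+\]: \w+: "
    r"client=\S+, sasl_method=\S+, sasl_username=(\S+)$"
)

def flag_accounts(log_text, window=WINDOW, max_msgs=MAX_MSGS):
    """Return {account: time the threshold was first exceeded}.

    Expects lines in chronological order, as a mail log normally is.
    """
    recent = defaultdict(deque)   # account -> timestamps still inside the window
    flagged = {}
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue              # ignore lines that are not authenticated submissions
        ts = datetime.fromisoformat(m.group(1))
        user = m.group(2).lower()
        q = recent[user]
        q.append(ts)
        while ts - q[0] > window: # drop events that have aged out of the window
            q.popleft()
        if len(q) > max_msgs and user not in flagged:
            flagged[user] = ts    # first crossing: the point to reject mail or reset the password
    return flagged

if __name__ == "__main__":
    for account, when in flag_accounts(SAMPLE_LOG).items():
        print(f"{account} exceeded {MAX_MSGS} msgs/{WINDOW} at {when.isoformat()}")
```

carol sends as many messages as the threshold allows in total, but never inside one window, so only the burst from bob is flagged; the same counter would need to be fed from webmail submissions as well.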