Educause Security Discussion mailing list archives

Re: Phishing, Spam Solutions


From: Bob Bayn <bob.bayn () USU EDU>
Date: Tue, 11 Jun 2013 15:34:35 +0000

I will add a vote for Ironport email filtering.  The past 30 days, our pair of Ironport M1070s have blocked 93.9% of 
incoming email, without complaint.

However, the brief phish messages that are so common still come through, to a large extent.  The messages come from 
compromised email accounts on systems with generally good reputations and they often link to fairly trusted web 
servers.  The password collection forms are often hosted on "reputable" web hosting services or on recently hacked 
websites.  The Ironport reputation analysis strategy that works so well has a hard time with these.

Our Ironports are currently watching for any links on about a dozen hosts and adding a warning of the possibility of a 
phishing scam.  For more details about our situation, see:
    https://it.usu.edu/computer-security/be-an-internet-skeptic/form-services/

Meanwhile, we have an active "Be an Internet Skeptic" campaign to alert our staff and students about the potential for 
mischief, especially via social engineering.

Bob Bayn    SER 301    (435)797-2396       IT Security Team
Office of Information Technology,     Utah State University
     three common hazardous email scams to watch out for:
     1) unfamiliar transaction report from familiar business
     2) attachment with no explanation in message body
     3) "phishing" for your email password
________________________________
From: The EDUCAUSE Security Constituent Group Listserv [SECURITY () LISTSERV EDUCAUSE EDU] on behalf of Josh Flaherty 
[Josh.Flaherty () INDSTATE EDU]
Sent: Tuesday, June 11, 2013 9:16 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] Phishing, Spam Solutions

Hello,

We recently switched from open source packages (Sendmail, SpamAssassin, MIMEDefang, ClamAV) to Cisco IronPort 
Appliances.  The appliances were fairly expensive but have greatly reduced the amount of spam and phishing that gets 
through.

Comparing the effectiveness of the open source mail gateways to the IronPort, the amount of spam getting through has 
dropped by approximately half.

Open Source Mail Gateways              IronPort
                   Clean Messages                         Clean Messages
Friday 3/1/2013    64126               Friday 3/15/2013   30137
Monday 3/4/2013    64126               Monday 3/18/2013   35019
Tuesday 3/5/2013   69133               Tuesday 3/19/2013  37597

The IronPorts utilize the largest global email monitoring network which is SenderBase.  We have also been extremely 
pleased with all of the functionality and features that the IronPorts have out of the box.  If anyone has any specific 
questions feel free to contact me either directly or through the mailing list.

Thanks.
-Josh Flaherty


From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of David 
James Anderson
Sent: Tuesday, June 11, 2013 10:56 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] Phishing, Spam Solutions

Good Morning,

We are looking to reduce the number of phishing emails getting to our users' inbox.  We currently have a homebrew 
filter of sorts and were wondering what is out there in the free and commercial worlds.

We're envisioning a software that keeps itself up-to-date with a global list somewhere, but also has the functionality 
of allowing us to add custom rules for phishes specific to us.  What tools do you use and what would you recommend to 
others?

--
-David.


David Anderson
Information Security Analyst, Senior
Information Technology Systems
Northern Arizona University
(928) 523-1225
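
The link-watching approach described in the first message of this thread (flag any message that links to one of a short list of form-hosting hosts and add a phishing warning) can be sketched as follows. This is an added example, not code from the thread or from IronPort; the watch list, the warning text and the X-Phish-Warning header are assumptions.

```python
import re
from email import message_from_string, policy
from urllib.parse import urlsplit

# Assumption: placeholder watch list; the page does not name the hosts being watched.
WATCHED_HOSTS = {"forms.example.com", "webform.example.net"}
WARNING = "WARNING: this message links to a web form service and may be a phishing scam."
URL_RE = re.compile(r"https?://[^\s<>\"']+", re.IGNORECASE)

def linked_hosts(text):
    """Return the lower-cased hostname of every http(s) URL found in text."""
    hosts = set()
    for url in URL_RE.findall(text):
        try:
            host = urlsplit(url).hostname  # ignores userinfo ("user@") and port
        except ValueError:  # malformed bracketed host
            continue
        if host:
            hosts.add(host.lower().rstrip("."))
    return hosts

def is_watched(host):
    """Match a watched host or a subdomain of it, never a look-alike suffix."""
    return any(host == w or host.endswith("." + w) for w in WATCHED_HOSTS)

def tag_message(raw):
    """Prepend WARNING to the text parts of raw if any of them links to a watched host."""
    msg = message_from_string(raw, policy=policy.default)
    parts = [p for p in msg.walk()
             if p.get_content_maintype() == "text" and not p.is_attachment()]
    hits = sorted({h for p in parts for h in linked_hosts(p.get_content()) if is_watched(h)})
    if hits:
        for p in parts:
            body, subtype = p.get_content(), p.get_content_subtype()
            note = f"<p><b>{WARNING}</b></p>" if subtype == "html" else WARNING + "\n\n"
            p.set_content(note + body, subtype=subtype)
        msg["X-Phish-Warning"] = ", ".join(hits)  # hypothetical header name
    return msg, hits

# Constructed sample message, not taken from the thread.
SAMPLE = (
    "From: helpdesk@example.org\nTo: user@example.edu\n"
    "Subject: Mailbox quota exceeded\n\n"
    "Verify your account: http://example.edu@FORMS.example.com:80/f/123\n"
)

if __name__ == "__main__":
    tagged, hits = tag_message(SAMPLE)
    print(hits)
    print(tagged.get_content())
```

The host is taken from the parsed URL rather than matched as a substring, so a link that puts a trusted name in the userinfo part still resolves to the watched host, and a watched name used as a prefix of another domain does not match.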

