Educause Security Discussion mailing list archives
Re: Phishing, Spam Solutions
From: Bob Bayn <bob.bayn () USU EDU>
Date: Tue, 11 Jun 2013 15:34:35 +0000
I will add a vote for Ironport email filtering. The past 30 days, our pair of Ironport M1070s have blocked 93.9% of incoming email, without complaint. However, the brief phish messages that are so common still come through, to a large extent. The messages come from compromised email accounts on systems with generally good reputations and they often link to fairly trusted web servers. The password collection forms are often hosted on "reputable" web hosting services or on recently hacked websites. The Ironport reputation analysis strategy that works so well, has a hard time with these. Our Ironports are currently watching for any links on about a dozen hosts and adding a warning of the possibility of a phishing scam. For more details about our situation, see: https://it.usu.edu/computer-security/be-an-internet-skeptic/form-services/ Meanwhile, we have an active "Be an Internet Skeptic" campaign to alert our staff and students about the potential for mischief, especially via social engineering. Bob Bayn SER 301 (435)797-2396 IT Security Team Office of Information Technology, Utah State University three common hazardous email scams to watch out for: 1) unfamiliar transaction report from familiar business 2) attachment with no explanation in message body 3) "phishing" for your email password ________________________________ From: The EDUCAUSE Security Constituent Group Listserv [SECURITY () LISTSERV EDUCAUSE EDU] on behalf of Josh Flaherty [Josh.Flaherty () INDSTATE EDU] Sent: Tuesday, June 11, 2013 9:16 AM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: Re: [SECURITY] Phishing, Spam Solutions Hello, We recently switched from open source packages (Sendmail, Spamassassin, Mimedefang, Clamav) to Cisco IronPort Appliances. The appliances were fairly expensive but have greatly reduced the amount of spam and phishing that gets through. Comparing the effectiveness of the open source mail gateways to the Iron Port, the amount of spam getting through has dropped by approximately half. Open Source Mail Gateways IronPort Clean Messages Clean Messages Friday 3/1/2013 64126 Friday 3/15/2013 30137 Monday 3/4/2013 64126 Monday 3/18/2013 35019 Tuesday 3/5/2013 69133 Tuesday 3/19/2013 37597 The IronPorts utilize the largest global email monitoring network which is SenderBase. We have also been extremely pleased with all of the functionality and features that the IronPorts have out of the box. If anyone has any specific questions feel free to contact me either directly or through the mailing list. Thanks. -Josh Flaherty From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of David James Anderson Sent: Tuesday, June 11, 2013 10:56 AM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: [SECURITY] Phishing, Spam Solutions Good Morning, We are looking to reduce the number of phishing emails getting to our users' inbox. We currently have a homebrew filter of sorts and were wondering what is out there in the free and commercial worlds. We're envisioning a software that keeps itself up-to-date with a global list somewhere, but also has the functionality of allowing us to add custom rules for phishes specific to us. What tools do you use and what would you recommend to others? -- -David. David Anderson Information Security Analyst, Senior Information Technology Systems Northern Arizona University (928) 523-1225
Current thread:
- Phishing, Spam Solutions David James Anderson (Jun 11)
- Re: Phishing, Spam Solutions Josh Flaherty (Jun 11)
- Re: Phishing, Spam Solutions Bob Bayn (Jun 11)
- Re: Phishing, Spam Solutions Katsuya Uchida (Jun 11)
- Re: Phishing, Spam Solutions Valdis Kletnieks (Jun 18)
- Re: Phishing, Spam Solutions Josh Flaherty (Jun 11)