Educause Security Discussion mailing list archives

Re: Notifications of external emails


From: "Harris, Brent" <BHarris () UMHB EDU>
Date: Wed, 8 Feb 2017 16:19:01 +0000

Interesting topic – haven’t tried this but brainstorming and googling brings a couple of thoughts:

Exchange Message Classification might be useful for this (if you’re running Exchange).

You might be able to use your inbound email scanner to inject text into the header, that would not be seen by the end 
user, and use that header text to trigger a rule that would categorize or format those messages to signify that they came 
from outside the organization.

Brent Harris
Vice President for Information Technology
University of Mary Hardin-Baylor
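
The header-injection idea in the message above, sketched as an added example (not part of the original post and not any mail product's own configuration): the gateway discards any sender-supplied copy of the marker before setting its own, and the mailbox rule treats anything other than a single `internal` value as external. The header name `X-Org-Origin`, the domain `campus.example` and the `arrived_from_outside` flag are assumptions; the sample message is constructed.

```python
from email import message_from_string
from email.message import Message
from email.utils import parseaddr

MARKER = "X-Org-Origin"                # hypothetical header name (assumption)
INTERNAL_DOMAINS = {"campus.example"}  # constructed sample domain

# Constructed sample: an outside sender pre-sets the marker and an internal From.
SAMPLE = (
    "From: HR <hr@campus.example>\n"
    "To: user@campus.example\n"
    "Subject: Validate your paycheck\n"
    "X-Org-Origin: internal\n"
    "\n"
    "Click the link and enter your account info.\n"
)

def tag_at_gateway(raw: str, arrived_from_outside: bool) -> Message:
    """Gateway step: drop every sender-supplied marker, then add the trusted one.

    arrived_from_outside is assumed to come from the gateway's own knowledge
    of the connection (for example, the inbound path the message used),
    never from anything inside the message.
    """
    msg = message_from_string(raw)
    del msg[MARKER]  # removes all occurrences; no error if the header is absent
    msg[MARKER] = "external" if arrived_from_outside else "internal"
    return msg

def mailbox_rule(msg: Message) -> str:
    """Mailbox rule: pick a category from the marker, defaulting to external."""
    values = [v.strip().lower() for v in msg.get_all(MARKER, [])]
    if values == ["internal"]:
        return "Internal"
    # Missing, duplicated or unknown marker values are all treated as external.
    domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    if domain in INTERNAL_DOMAINS:
        return "External: claims internal sender"
    return "External"

if __name__ == "__main__":
    tagged = tag_at_gateway(SAMPLE, arrived_from_outside=True)
    print(tagged.get_all(MARKER), "->", mailbox_rule(tagged))
```

The categorization happens on a header the user never sees, so the subject and body stay unmodified.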

From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Thomas 
Carter
Sent: Wednesday, February 8, 2017 9:18 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] Notifications of external emails

This is more to combat the traditional “HR is validating your last paycheck. Click the link and enter your account 
info” type of phishing. Something procedural will get generally ignored by many departments when sending out emails, so 
we’re looking for something more automatic.

Thomas Carter
Network & Operations Manager / IT
Austin College
900 North Grand Avenue
Sherman, TX 75090
Phone: 903-813-2564
www.austincollege.edu

From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Napier, 
Mark E
Sent: Wednesday, February 8, 2017 9:04 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] Notifications of external emails

What about encouraging or requiring your users to use S/MIME to sign their emails? That would also cover the situation 
in which a machine on the internal network is engaged in pushing. (In most cases, anyway)

--
Mark E. Napier   MIS, CIPT
Deputy Director of Information Technology /
Chief Information Privacy and Security Officer
School of Informatics and Computing
Indiana University

On Feb 8, 2017, at 9:57 AM, Thomas Carter <tcarter () AUSTINCOLLEGE EDU> wrote:

We are trying to combat phishing by making users more aware of emails that come from outside campus vs internal emails. 
We’ve trialed using a mail rule to modify the subject line and prepend a flag (like “EXTERNAL:” or similar) but users 
complained it caused confusion (?) and they didn’t like emails to be modified. I suspect a disclaimer added to the body 
of the message would be either ignored or disliked for the same reasons.

Has anyone else done something to somehow flag external emails? What was the feedback? How well does it work?

Thomas Carter
Network & Operations Manager / IT
Austin College
900 North Grand Avenue
Sherman, TX 75090
Phone: 903-813-2564
www.austincollege.edu