Educause Security Discussion mailing list archives

Re: [EXTERNAL] Re: [SECURITY] Notifications of external emails


From: Frank Barton <bartonf () HUSSON EDU>
Date: Wed, 8 Feb 2017 14:04:57 -0500

Alan, yes. It does break pretty much any kind of digital signature (with
the exception of the inline PGP signatures).

Frank

On Wed, Feb 8, 2017 at 1:55 PM, Alan Amesbury <amesbury () oitsec umn edu>
wrote:

On Feb 8, 2017, at 10:37 , Cecka, Benjamin <BCecka () CLARK EDU> wrote:

Since August we’ve been phished persistently and we also implemented the
“[EXTERNAL]” subject prefix on all of our inbound email. We also had some
resistance but it hasn’t gotten to the point where we felt the need to
reconsider. It took a few days of adjusting as some internal email was
being flagged incorrectly and there was objection to flagging student
messages and some hosted web applications. All in all there was also
positive feedback and the campus seems to have adjusted well to it.

Interesting approach, but doesn't this break DKIM signatures?


--
Alan Amesbury
University Information Security
http://umn.edu/lookup/amesbury




-- 
Frank Barton
ACMT
IT Systems Administrator
Husson University
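
Added example, not part of the thread or any poster's code: a Python sketch of the DKIM point raised above. It computes the digest a sender's `b=` signature covers under RFC 6376 relaxed canonicalization and compares it before and after a gateway prepends "[EXTERNAL]" to the Subject. Assumptions: the sender lists Subject in `h=`; the domain, selector, addresses and message are constructed; the RSA step is left out, since a changed digest is enough to make verification fail.

```python
import base64, hashlib, re

def relaxed_header(name, value):
    """RFC 6376 'relaxed' header canonicalization."""
    value = re.sub(r"\r\n(?=[ \t])", "", value)        # unfold continuation lines
    value = re.sub(r"[ \t]+", " ", value).strip(" ")   # collapse and trim whitespace
    return f"{name.lower()}:{value}\r\n"

def body_hash(body):
    """bh= value: base64 SHA-256 of the relaxed-canonicalized body."""
    lines = [re.sub(r"[ \t]+", " ", l).rstrip(" ") for l in body.split("\r\n")]
    while lines and lines[-1] == "":
        lines.pop()                                     # drop trailing empty lines
    canon = "".join(l + "\r\n" for l in lines)
    return base64.b64encode(hashlib.sha256(canon.encode()).digest()).decode()

def header_digest(headers, signed, body):
    """SHA-256 digest that the sender's b= signature is computed over."""
    sig = ("v=1; a=rsa-sha256; c=relaxed/relaxed; d=example.org; s=sel1; "
           f"h={':'.join(signed).lower()}; bh={body_hash(body)}; b=")
    data = "".join(relaxed_header(n, headers[n]) for n in signed)
    data += relaxed_header("DKIM-Signature", sig)[:-2]  # last header: no CRLF
    return hashlib.sha256(data.encode()).hexdigest()

def gateway_tag(headers):
    """Hypothetical gateway rule: prefix the Subject of inbound mail."""
    return {**headers, "Subject": "[EXTERNAL] " + headers["Subject"]}

# Constructed sample message (not taken from the thread)
SIGNED = ["From", "To", "Subject", "Date"]
BODY = "Report attached.\r\n"
SENT = {"From": "Sender <sender@example.org>", "To": "user@example.edu",
        "Subject": "Quarterly   report", "Date": "Wed, 8 Feb 2017 13:00:00 -0500"}
RESPACED = {**SENT, "Subject": "Quarterly report"}  # whitespace-only change
TAGGED = gateway_tag(SENT)

if __name__ == "__main__":
    base = header_digest(SENT, SIGNED, BODY)
    for label, msg in (("respaced", RESPACED), ("tagged", TAGGED)):
        same = header_digest(msg, SIGNED, BODY) == base
        print(f"{label:9s} digest matches signed digest: {same}")
```

Relaxed canonicalization absorbs whitespace changes only, so the respaced Subject still matches while the tagged one does not; the body hash is untouched because the tag changes a header, not the body.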
