Educause Security Discussion mailing list archives

Re: Transport rule to put a header on external email


From: Thomas Carter <tcarter () AUSTINCOLLEGE EDU>
Date: Tue, 7 May 2019 20:22:16 +0000

We did this for about a week. Prior to implementation, we tested prepending a short sentence at the beginning of the 
body of the message, but that was rejected. So instead we prepended "EXTERNAL:" to all email subjects coming from 
outside. There was an overwhelming outcry from the user base about this messing up the subjects and making it hard to 
read on mobile devices. To appease them, we shortened it to "EXT:". Then we had complaints about this being confusing 
when replying to valid external emails. Ultimately we were asked to remove it completely.

Thomas Carter
Network & Operations Manager / IT
Austin College
900 North Grand Avenue
Sherman, TX 75090
Phone: 903-813-2564
www.austincollege.edu

From: The EDUCAUSE Security Community Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU> On Behalf Of Mandi Witkovsky
Sent: Tuesday, May 7, 2019 8:40 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] Transport rule to put a header on external email

For those who have a rule set up to add a header to incoming external email, have you seen a decrease in security 
events, or a corresponding increase in awareness?  Did you whitelist any 3rd parties that send on your behalf so that 
the header doesn't appear?  Have you seen any pushback from people?  Thoughts on adding a header vs prepending 
"EXTERNAL" or some such in the subject line?

We're looking into adding this, and I wondered what experience you all have had.

Thanks,
mandi
