Educause Security Discussion mailing list archives
Re: [External] Re: [SECURITY] Transport rule to put a header on external email
From: "Gregg, Christopher S." <csgregg () STTHOMAS EDU>
Date: Thu, 9 May 2019 18:25:33 +0000
Our path is almost exactly the same. We've settled on just [External] in the subject line after trying a few other variations. We've enabled the rule for approximately 600 pilot users so far, and plan to enable the rule campus-wide soon. We've had very positive feedback since settling on just the subject line insertion. We're also whitelisting some highly trusted domains. Unfortunately one of them is no-reply[at]sharepointonline[dot]com which we have since seen as a phishing attack vector from compromised accounts in other tenants. We're working with Microsoft to find a way to identify (and possibly filter) SharePoint notifications as internal vs. external to our tenant but haven't had much luck so far. FWIW, we are also piloting data loss prevention rules with the same pilot group to prevent unencrypted transmission of highly sensitivity data. That is also going fairly well though it hits on some false positives. Thanks, Chris Chris Gregg Associate Vice President of Information Security & Risk Management, CISO Information Technology Services (ITS) csgregg () stthomas edu<mailto:csgregg () stthomas edu> p 1 (651) 962-6265 University of St. Thomas | stthomas.edu<https://www.stthomas.edu> From: The EDUCAUSE Security Community Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU> On Behalf Of Erik D Evans Sent: Thursday, May 9, 2019 12:36 PM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: [External] Re: [SECURITY] Transport rule to put a header on external email We piloted prepending [EXTERNAL] to the subject, as well as variations of warnings either prepended or appended to the body of messages. Ultimately, we ended up only doing the subject prepend due to feedback we received during the pilot. In the beginning of April we implemented this for all users. Yes, we are whitelisting all 3rd parties that send on our behalf. After quite a bit of concern from faculty prior to implementation we have received very few complaints post implementation. Still monitoring how this is impacting compromises but we have definitely noticed an increase in awareness since implementing this. _______________________ Erik Evans Manager of Information Security Information Technology Services Bowling Green State University evanse () bgsu edu<mailto:evanse () bgsu edu> http://www.bgsu.edu/infosec<https://nam02.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.bgsu.edu%2Finfosec&data=02%7C01%7Ccsgregg%40STTHOMAS.EDU%7C10d734e3d3664a7fc65908d6d4a4c548%7Ca081ff79318c45ec95f338ebc2801472%7C1%7C0%7C636930201553062602&sdata=c%2Fh5WtfSRc2qnv45xOBZPO0OcdPaJSjOrrd9gm1jQ04%3D&reserved=0> This e-mail, including any attachments, may contain information that is protected by law as privileged and confidential, and is transmitted for the sole use of the intended recipient. If you are not the intended recipient, you are hereby notified that any use, dissemination, copying or retention of this e-mail or the information contained herein is strictly prohibited. From: The EDUCAUSE Security Community Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU<mailto:SECURITY () LISTSERV EDUCAUSE EDU>> On Behalf Of Mandi Witkovsky Sent: Tuesday, May 7, 2019 9:40 AM To: SECURITY () LISTSERV EDUCAUSE EDU<mailto:SECURITY () LISTSERV EDUCAUSE EDU> Subject: [EXTERNAL] [SECURITY] Transport rule to put a header on external email For those who have a rule set up to add a header to incoming external email, have you seen a decrease in security events, or a corresponding increase in awareness? Did you whitelist any 3rd parties that send on your behalf so that the header doesn't appear? Have you seen any pushback from people? Thoughts on adding a header vs prepending "EXTERNAL" or some such in the subject line? We're looking into adding this, and I wondered what experience you all have had. Thanks, mandi
Current thread:
- Transport rule to put a header on external email Mandi Witkovsky (May 07)
- Re: Transport rule to put a header on external email Madl, Michael (May 07)
- Re: Transport rule to put a header on external email Frank Barton (May 07)
- Message not available
- Re: Transport rule to put a header on external email Coller, Jon (May 07)
- Re: Transport rule to put a header on external email Frank Barton (May 07)
- Re: Transport rule to put a header on external email Madl, Michael (May 07)
- Re: Transport rule to put a header on external email Thomas Carter (May 07)
- Re: Transport rule to put a header on external email Erik D Evans (May 09)
- Re: [External] Re: [SECURITY] Transport rule to put a header on external email Gregg, Christopher S. (May 09)