Educause Security Discussion mailing list archives
Re: Sustained spamming of single mailbox
From: "Kimmitt, Jonathan" <jonathan-kimmitt () UTULSA EDU>
Date: Thu, 31 Dec 2020 18:42:52 +0000
We have had this happen several times, usually it’s a faculty member, and we suspect it was caused by a disgruntled student…. At first, we tried doing the normal processes, but ended up each time giving a new mailbox, and taking the old alias and moving it to a mailbox, that was restricted to only allow mail from itself… That way the mailbox would ‘bounce back’ a message to all outside mail servers… after a few months, we would pull the restrictions and check how many were still hitting the mailbox…. Normally it dies down to a normal level and we could give back the alias to the faculty member….

Moving the alias gives you a lot of flexibility, but it’s a painful process of communicating to everyone the new email…… We mostly do it as a last resort, but is generally welcomed by the employee to stop the massive amounts of unwanted email….

-Jonathan

~ Jonathan Kimmitt CISSP, FIP, CDPSE, CIPP/E, CIPM, CIPT, GLEG, GPEN, GSNA, PCIP, CEH
Chief Information Security Officer
Information Technology
The University of Tulsa
918.631.2743

From: The EDUCAUSE Security Community Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU> On Behalf Of Ken Connelly
Sent: Thursday, December 31, 2020 11:12 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] Sustained spamming of single mailbox

A new account/address without any connection to the previous may be the only way to stem the tide. That's obviously a fairly drastic step but it may be what it takes. Depending on the nature of the spam, a graylist type of filter may also provide some relief.

-ken

On 12/31/20 10:44 AM, Bole, Jim A wrote:

I’d appreciate any suggestions on how to mitigate or stop an unusual spam attack against a single mailbox. We have one account that is being continually spammed with 1-1.5K spam emails a day for almost 10 days. We’ve quarantined all inbound external email as a workaround. The emails appear to be random spam including newsletters, shopping and in various languages.
Sample subject lines:

С наступающим НОВЫМ 2021 годом - БЕЛОГО МЕТАЛЛИЧЕСКОГО БЫКА!!!
Your privacy is key 🔐
[SITREP] Survival Dispatch
The Morning Notes | Fiscal Spending and Bond Yields
End of Year Gown Promotion!
IndieWire Staff Picks Year's Best Films; Wild Box Office Path of 'The Exorcist'; 2020 Changes to Industry
Guess what’s back in stock?
A guide to your 2020 personal annual review
[Achtung!] Ich analysiere dein Business persönlich
Kick-start 2021 with our top 5 Sales
Master your home life, from welding to gardening!

I have a hunch that someone intentionally targeted the user with some sort of dark web “spam as a service”. The user isn’t aware of anyone who might be targeting him/her. Any help or info greatly appreciated.

Jim Bole
Chief Information Security Officer
Information Technology Services
University at Albany, IT Building 102F, 1400 Washington Avenue, Albany, NY 12222

********** Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the person who sent the message, copy and paste their email address and forward the email reply. Additional participation and subscription information can be found at https://www.educause.edu/community

--
- Ken
=================================================================
Ken Connelly
Director, Information Security
Information Security Officer
University of Northern Iowa
email: Ken.Connelly () uni edu
p: (319) 273-5850
f: (319) 273-3010
Any request to divulge your UNI password via e-mail is fraudulent!
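The pattern reported in this thread (one mailbox, roughly 1-1.5K inbound messages a day for many days, from unrelated newsletter and shop senders) can be picked out of a message trace. The sketch below is an added example, not code from any poster; the record layout, the domain-diversity ratio and the minimum number of days are assumptions, and the sample trace is constructed.

```python
from collections import defaultdict

def flooded_mailboxes(records, min_daily=1000, min_domain_ratio=0.5, min_days=3):
    """records: iterable of (iso_timestamp, sender, recipient) for inbound
    external mail (assumed layout). Returns {recipient: sorted flagged days}.
    min_daily follows the 1-1.5K/day figure in the thread; the ratio and
    min_days thresholds are assumptions to tune locally."""
    count = defaultdict(int)      # (recipient, day) -> message count
    domains = defaultdict(set)    # (recipient, day) -> distinct sender domains
    for ts, sender, rcpt in records:
        key = (rcpt.lower(), ts[:10])            # ISO date prefix YYYY-MM-DD
        count[key] += 1
        domains[key].add(sender.rsplit("@", 1)[-1].lower())
    flagged = defaultdict(list)
    for (rcpt, day), n in count.items():
        # Volume alone also matches alert feeds and busy lists; a flood of
        # unrelated newsletters shows up as many distinct sender domains.
        if n >= min_daily and len(domains[(rcpt, day)]) / n >= min_domain_ratio:
            flagged[rcpt].append(day)
    return {r: sorted(d) for r, d in flagged.items() if len(d) >= min_days}

def constructed_sample():
    """Synthetic trace (not real data): a flooded mailbox, a mailbox with a
    high-volume single-sender feed, and an ordinary mailbox."""
    recs = []
    for day in range(21, 25):
        date = f"2020-12-{day:02d}"
        for i in range(1200):
            recs.append((f"{date}T00:00:00", f"news@shop{day}-{i}.example",
                         "target@univ.example"))
        for i in range(1500):
            recs.append((f"{date}T00:00:00", "alerts@monitor.example",
                         "noc@univ.example"))
        for i in range(40):
            recs.append((f"{date}T00:00:00", f"peer{i % 8}@partner{i % 8}.example",
                         "staff@univ.example"))
    return recs

if __name__ == "__main__":
    for rcpt, days in flooded_mailboxes(constructed_sample()).items():
        print(rcpt, days)
```

Re-running the same check after a restriction is lifted gives a number for whether the volume has died down to a normal level.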
Current thread:
- Sustained spamming of single mailbox Bole, Jim A (Dec 31)
- Re: Sustained spamming of single mailbox Ken Connelly (Dec 31)
- Re: Sustained spamming of single mailbox Kimmitt, Jonathan (Dec 31)
- Re: Sustained spamming of single mailbox Ken Connelly (Dec 31)