Educause Security Discussion mailing list archives
Re: URL re-writing in emails
From: Brian Epstein <bepstein () IAS EDU>
Date: Thu, 21 Jan 2021 13:55:22 -0500
Hi Ravi, We investigated URL re-writing tools a number of years ago. We also teach our folks to hover over links and try to determine if they are malicious or not. Another worry was for signed emails. Changing the URLs will break the signature. I would check with your vendor to see if they have a setting that allows you to address this concern. Maybe they can not re-write emails that are signed (although, signing an email isn't that hard, so does it help)? As opposed to re-writing anything in the email, we chose to go the route of a DNS checking system. Cisco Umbrella (formerly OpenDNS) gives us this ability without having to re-write the URLs. This is definitely not a full protection, either, and also has its own issues. For example, anyone who checks their email off campus needs to be connected to our VPN to get this protection. Umbrella offers an agent for client devices that aren't on our network, but we try to avoid requiring agents. We could also limit email connectivity from our campus IPs, but that would probably create an unwanted burden on our clients. We found that DNS checking was better received by our clients than URL re-writing. I would say that this is highly dependent upon the culture of your school and expectations of your faculty and staff. All the best, Brian -- Brian Epstein <bepstein () ias edu> +1 609-734-8179 Manager, Network and Security, CISO Institute for Advanced Study Key fingerprint = A6F3 9F5A 26C5 5847 79ED C34C C0E5 244A 55CA 2B78 ----- Original Message ----- From: "Ravi Kotecha" <kotechar () BRANDEIS EDU> To: "The EDUCAUSE Security Community Group Listserv" <SECURITY () LISTSERV EDUCAUSE EDU> Sent: Tuesday, January 19, 2021 6:13:05 PM Subject: [SECURITY] URL re-writing in emails Greetings, I'm curious about your experiences using tools that rewrite URLs in emails. We have Proofpoint's suite and one of the features rewrites URLs in emails with an https://urldefense.com/ prefix and clicking the link will pass through Proofpoint's servers. One piece of feedback we received in a pilot was that we had been teaching folks to hover over URLs to determine the destination before clicking links. With re-writing, all links are changed for external sites so that advice is no longer reliable. I'm interested in experiences others have had using this feature. For example: - Have you received negative feedback? If so, how have you addressed it? - How have you augmented awareness training? - Are there any success stories you wish to share? Thanks in advance, Ravi Kotecha kotechar () brandeis edu -- Ravi Kotecha '10, M.S. '14, M.S. '20 Privacy & Information Security Analyst Information Technology Services Submit a security request: security () brandeis edu Report phishing: phishing () brandeis edu ********** Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the person who sent the message, copy and paste their email address and forward the email reply. Additional participation and subscription information can be found at https://www.educause.edu/community ********** Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the person who sent the message, copy and paste their email address and forward the email reply. Additional participation and subscription information can be found at https://www.educause.edu/community
Attachment:
smime.p7s
Description: S/MIME Cryptographic Signature
Current thread:
- URL re-writing in emails Ravi Kotecha (Jan 19)
- Re: [EXTERNAL] [SECURITY] URL re-writing in emails Jason Edelstein (Jan 19)
- Re: URL re-writing in emails Brian Epstein (Jan 21)
- DNS checking Nathan Phillips (Jan 21)
- Re: DNS checking Menne, Michael S (Jan 21)
- DNS checking Nathan Phillips (Jan 21)
- <Possible follow-ups>
- Re: URL re-writing in emails Walter Roshon (Jan 20)
- Re: URL re-writing in emails Bole, Jim A (Jan 20)
- Re: URL re-writing in emails Beth Albertson (Jan 20)
- Re: URL re-writing in emails Bole, Jim A (Jan 20)