Educause Security Discussion mailing list archives
Re:
From: Joel Rosenblatt <joel () COLUMBIA EDU>
Date: Wed, 15 Jun 2005 19:24:27 -0400
Our policy is meant to cover the situation where someone tries to spoof their address using our email system to send a message from one user to another. We do not block email from an external email service that uses screen names or other aliases to identify their users. Joel --On Wednesday, June 15, 2005 10:41 AM -0500 Dick Jacobson <Dick.Jacobson () NDSU NODAK EDU> wrote:
On Wed, 15 Jun 2005, Joel Rosenblatt wrote: Several of the policies cited in this discussion indicate that you may not allow mail into your system from Hotmail or Yahoo or anyplace else that allows non-name-based ids and/or do not know who their clients are. That may be a stretch but I believe that is the question being asked.Our network use policy: <http://www.columbia.edu/cu/policy/network_use.html> Has the following section: 22. All messages must show accurately from where and from whom the message originated, except in the rare, specific cases where anonymous messages are invited. Joel Rosenblatt Joel Rosenblatt, Senior Security Officer & Windows Specialist, AcIS Columbia University, 612 W 115th Street, NY, NY 10025 / 212 854 3033 http://www.columbia.edu/~joel --On Wednesday, June 15, 2005 8:28 AM -0400 Gary Flynn <flynngn () JMU EDU> wrote: > Theresa Semmens wrote: >> We're looking at the possibility of providing in a policy that it >> would be an acceptable use violation to misrepresent who one is when >> communicating with a university official; particularly as it applies >> to employees. >> >> This is to get at the situation where someone uses an alias to >> communicate on a work related matter to someone else. >> >> I'm wondering if any of you have such a restriction in place, or could >> point me to a policy with such a restriction. Any advice or >> suggestions would be helpful. > > > Our AUP has the following language: > > "# Not use university resources or computers attached to > the university network to falsify identity, for example by: > > * Providing "pass through" service > * Sending electronic mail under forged headers" > > By strict interpretation, if an external computer > is used to send a forged message through the JMU > network and/or to a JMU account, that is use of > university resources. > > > http://www.jmu.edu/JMUpolicy/1207.shtml > > > > -- > Gary Flynn > Security Engineer > James Madison University Joel Rosenblatt, Senior Security Officer & Windows Specialist, AcIS Columbia University, 612 W 115th Street, NY, NY 10025 / 212 854 3033 http://www.columbia.edu/~joel-- ----------------------------------------------------------------------- Dick Jacobson e-mail : Dick.Jacobson () ndus NoDak edu ND HECN MultiUser Host SysAd office : IACC 206, NDSU NDUS IT Security Officer phone : 701-231-7385 -----------------------------------------------------------------------
Joel Rosenblatt, Senior Security Officer & Windows Specialist, AcIS Columbia University, 612 W 115th Street, NY, NY 10025 / 212 854 3033 http://www.columbia.edu/~joel
Current thread:
- Re: Joel Rosenblatt (Jun 15)