Re: Gmail, etc. - Forwarding Email to Personal Accounts!

[Theresa M Rowe <rowe () OAKLAND EDU>]

We've hit that block too, but it appears to be mostly generated from email campaigns to alumni and prospective 
students.  The university operations for those areas gather all these personal email addresses, then send an email 
campaign to sally () aol com.  Sally receives the email and marks it as spam.  Enough Sallys and all email from the 
domain is blocked.  Certainly forwarding contributes to the situation, but so far, it seems that the bigger campaigns 
are the problem.
Theresa

---- Original message ----
> Date: Thu, 9 Nov 2006 09:50:54 -0500
> From: Mike Wiseman <mike.wiseman () UTORONTO CA>  
> Subject: Re: [SECURITY] Gmail, etc. - Forwarding Email to Personal Accounts!  
> To: SECURITY () LISTSERV EDUCAUSE EDU
>
>   I agree with Geoff - the aspects of email security
>   such as authentication, privacy, archival, etc.
>   apply to institutional as well as external email
>   service providers.
>    
>   Our institution is experiencing a non
>   security-related but problematic issue with
>   forwarding email: block list and tarpitting by third
>   party providers who detect spam or virus laden
>   email forwarded (not originating) from institutional
>   servers. The provider then restricts or blocks *all*
>   email from our domain. Just when we're trying to
>   fully integrate email into student-institution
>   communications.
>    
>   Regards,
>    
>   Mike
>    
>    
>   Mike Wiseman
>   Manager - Computer Security Administration
>   Computing and Networking Services
>   University of Toronto  
>
>     Sadler, Connie wrote:
>
>       Hi, all… we have more and more people (faculty
>       and staff as well as students) who want to
>       forward their work-related messages, as well as
>       their personal messages, to one central email
>       account, usually gmail. Obviously, I am
>       concerned about having potentially sensitive
>       university email content sitting on a gmail
>       server. What are you folks doing to manage these
>       sorts of requests? Are you preventing staff or
>       faculty from doing this? If so, how has that
>       worked? We are rapidly moving toward
>       expectations people have of having all of their
>       messaging funneled to one place, and while this
>       is certainly convenient, I'm quite concerned
>       about how we can ensure a reasonable level of
>       security.
>
>       Thanks -
>
>     We encourage our people to forward their Wayne
>     State e-mail to another account if they regularly
>     use other accounts (i.e. rather than not read our
>     sparkling prose at all), but people shouldn't be
>     sending that kind of sensitive e-mail anyway--or
>     at least not without encrypting it.  Not that
>     we've suggested encrypting either...
>
>     Geoff
>
>  
> ________________
> smime.p7s (6k bytes)