Educause Security Discussion mailing list archives
Re: Blacklisting and Tar-pitting
From: Michael Young <Michael.Young () RIT EDU>
Date: Wed, 6 Aug 2008 08:09:04 -0400
Jay- We see this on and off here at RIT. Not only do we seeing forwarded e-mail being tar-pitted, but we've also seen an increase in quarantined false positives on our inbound side. When I investigated those further, I found that those lists are marketing sites that were getting quarantined were also not managing their list base. There was a higher percentage of addresses that were no longer valid. It wasn't the spam that was being forwarded that was the problem, it was the number of messages being forwarded to non-existant addresses. Directory harvest attack protection has a high return as a spam protection measure, but it can stop mail from flowing as users abandon their accounts. Students abandon e-mail accounts constantly, particularly after they leave. Once I started aggressively getting those people off the lists and/or marking the forwarding as invalid, mail started flowing again. For some of the lists, I had to unsubscribe 40+ individuals that left our institution sometime in the past. Michael Young RIT -----Original Message----- From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Jay Graham Sent: Wednesday, August 06, 2008 7:34 AM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: [SECURITY] Blacklisting and Tar-pitting Folks, Here at the University of Pittsburgh, we allow our users to forward their official University email address <username () pitt edu> either on campus to a departmental e-mail server or off campus to another provider. We have been dealing with the external providers Blacklisting us for some time, but recently it seems to have become chronic and we are Blacklisted now more than we are not Blacklisted. We put measures in place for SPAM filtering and have really cracked down on security so that compromised workstations are not spewing spam. I know there are several things we can do about this. Some are radical like not allowing forwarding of email off campus and others are less radical like trying to white list us with the major providers or implement domain keys or SPF. I am wondering what other Universities that allow forwarding are doing to combat the blacklisting problem. Is this something obvious we are missing or is this a real problem that everyone is facing? Jay Graham University of Pittsburgh jwg () pitt edu ================
Current thread:
- Blacklisting and Tar-pitting Jay Graham (Aug 06)
- <Possible follow-ups>
- Re: Blacklisting and Tar-pitting Michael Young (Aug 06)
- Re: Blacklisting and Tar-pitting Jason C.Belford (Aug 06)
- Re: Blacklisting and Tar-pitting Roger Safian (Aug 06)
- Re: Blacklisting and Tar-pitting Patrick P Murphy (Aug 06)
- Re: Blacklisting and Tar-pitting Jesse Thompson (Aug 08)