Educause Security Discussion mailing list archives

Re: Blacklisting and Tar-pitting


From: Michael Young <Michael.Young () RIT EDU>
Date: Wed, 6 Aug 2008 08:09:04 -0400

Jay-

We see this on and off here at RIT.

Not only do we see forwarded e-mail being tar-pitted, but we've also
seen an increase in quarantined false positives on our inbound side.
When I investigated those further, I found that those lists or
marketing sites that were getting quarantined were also not managing
their list base.  There was a higher percentage of addresses that were
no longer valid.

It wasn't the spam that was being forwarded that was the problem; it was
the number of messages being forwarded to non-existent addresses.
Directory harvest attack protection has a high return as a spam
protection measure, but it can stop mail from flowing as users abandon
their accounts.  Students abandon e-mail accounts constantly,
particularly after they leave.

Once I started aggressively getting those people off the lists and/or
marking the forwarding as invalid, mail started flowing again.  For some
of the lists, I had to unsubscribe 40+ individuals that left our
institution sometime in the past.

Michael Young
RIT

-----Original Message-----
From: The EDUCAUSE Security Constituent Group Listserv
[mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Jay Graham
Sent: Wednesday, August 06, 2008 7:34 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] Blacklisting and Tar-pitting

Folks,

Here at the University of Pittsburgh, we allow our users to forward 
their official University email address <username () pitt edu> either on 
campus to a departmental e-mail server or off campus to another
provider.

We have been dealing with the external providers Blacklisting us for 
some time, but recently it seems to have become chronic and we are 
Blacklisted now more than we are not Blacklisted. We put measures in 
place for SPAM filtering and have really cracked down on security so 
that compromised workstations are not spewing spam.

I know there are several things we can do about this. Some are radical 
like not allowing forwarding of email off campus and others are less 
radical like trying to white list us with the major providers or 
implement domain keys or SPF.

I am wondering what other Universities that allow forwarding are doing 
to combat the blacklisting problem. Is this something obvious we are 
missing or is this a real problem that everyone is facing?

Jay Graham
University of Pittsburgh
jwg () pitt edu
================
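
The cleanup described in the reply above (finding forwards that point at mailboxes that no longer exist), sketched as an added example that is not part of the original thread or either site's tooling. The pipe-delimited record format, the sample data, the function names and the `min_rejects` threshold are all assumptions; 5.1.1 is the RFC 3463 enhanced status code for a bad destination mailbox.

```python
from collections import defaultdict

# Constructed sample of outbound forwarding results (not real data):
# local account | forwarding target | SMTP reply from the remote server.
SAMPLE_LOG = """\
alice|alice@provider-a.example|250 2.0.0 OK
bob|bob99@provider-a.example|550 5.1.1 User unknown
bob|bob99@provider-a.example|550 5.1.1 User unknown
carol|carol@provider-b.example|250 2.0.0 OK
dave|dave.old@provider-a.example|550 5.1.1 No such mailbox
dave|dave.old@provider-a.example|550 5.1.1 No such mailbox
erin|erin@provider-a.example|451 4.7.1 Try again later
frank|frank@provider-b.example|550 5.1.1 User unknown
"""

def parse(log):
    """Yield (local_user, target, enhanced_status) per delivery attempt."""
    for line in log.splitlines():
        if not line.strip():
            continue
        user, target, reply = line.split("|", 2)
        parts = reply.split()
        status = parts[1] if len(parts) > 1 else ""
        yield user, target.lower(), status

def analyse(log, min_rejects=2):
    """Return (stale_forwards, invalid_ratio_by_domain)."""
    rejects = defaultdict(int)   # (user, target) -> count of 5.1.1 replies
    totals = defaultdict(int)    # domain -> delivery attempts
    invalid = defaultdict(int)   # domain -> attempts to unknown mailboxes
    for user, target, status in parse(log):
        domain = target.rsplit("@", 1)[-1]
        totals[domain] += 1
        if status == "5.1.1":    # RFC 3463: bad destination mailbox address
            rejects[(user, target)] += 1
            invalid[domain] += 1
    # Temporary 4xx deferrals (tar-pitting itself) are deliberately not counted.
    stale = sorted(k for k, n in rejects.items() if n >= min_rejects)
    ratios = {d: invalid[d] / totals[d] for d in totals}
    return stale, ratios

if __name__ == "__main__":
    stale, ratios = analyse(SAMPLE_LOG)
    for user, target in stale:
        print(f"disable forward: {user} -> {target}")
    for domain, ratio in sorted(ratios.items()):
        print(f"{domain}: {ratio:.0%} of forwarded mail hit unknown mailboxes")
```

The per-domain ratio shows which receiving providers see the highest share of invalid recipients from the forwarding host, which is the signal the reply ties to directory harvest attack protection.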