Educause Security Discussion mailing list archives
Re: Gmail Options for SPAM and Phishing
From: James Farr <jfarr () UTICA EDU>
Date: Wed, 24 Apr 2019 15:08:40 +0000
Thank you for those who responded. Sorry it took so long to get this out. I am not sure we received enough responses to draw any conclusions. I am open to additional online or offline discussions. Q1 Enhanced Pre-delivery Message Scanning Enabled 5 (71%) Disabled 2 (29%) Comment If users find this feature needs too great of a delay, they can always use office phones, Hangouts, etc. Q2 SPAM Options Aggressive SPAM Filtering 4 (57.1%) Bypass Internal Senders 4 (57.1%) Bypass Approved Senders 6 (85.7%) Quarantine Message 2 (28.6%) Q3 Use of Aggressive SPAM Filtering We currently use Aggressive SPAM filtering 1 (14.3%) We are considering using Aggressive SPAM filtering 0 We have no plans on enabling Aggressive SPAM filtering 3 (42.9%) We previously enabled Aggressive SPAM filtering, but later disabled it. 3 (42.9%) Comments on SPAM Options -We've got some various addresses that we've whitelisted (Canvas, Box, etc) -We were a postini customer prior to Google buying them. Once converted to Google, we had horrible experience. We tried every setting possible to help with the email threats we were receiving, and finally decided to ditch Google, and purchased Proofpoint. Since we transitioned to Proofpoint, in about a year, we've only had to send one advisory email, versus 2-4 a week with google. If you talk to someone like Gartner, they will say you need more of a third-party to handle your email security if you want granular control and more visibility. I cannot tell you enough, you need a different service than what Google provides. -Only a handful of instances have prompted feedback from users about mail that they wished had been labeled as spam and had never entered their inboxes. Q4 Attachment features enabled? Disable all settings 4 (66.7%) Enable All Settings 3 (50%) Protect against Encrypted Attachments Warning Message 3 (50%) Protect against Encrypted Attachments Filter to SPAM 3 (50%) Protect against attachments with script Warning Message 3 (50%) Protect against attachments with script Filter to SPAM 3 (50%) Comments on Attachments Protection Applied "apply future recommended settings automatically". We are considering this and have never enabled they before. Q5 Links and External Images Disable All Settings 3 (50%) Enable All Settings 3 (50%) Identify links behind Shortened URL's 4 (66.7%) Scan Linked Images 4 (66.7%) Show Warning Prompt for any click on link 4 (66.7%) Comments on Links Applied "apply future recommended settings automatically" also. Q6 Spoofing and authentication Disable all settings 4 (80%) Enable all settings 1 (20%) Protection against domain spoofing 2 (40%) Protect against spoofing of employee name 2 (40%) Protect against inbound email spoofing 1 (20%) Protect against any unauthenticated email 1 (20%) Comments on Spoofing -We're still exploring using DKIM. We're not there yet. I really like the protection of domain/employees names. -I've had this enabled in the past, but had to disable it. The warnings were freaking people out and we simply couldn't keep up with the questions associated with them. It seems the warnings related to attachments are well understood and don't freak people out. When it comes to spoofing, etc., they don't really know what to make of it. Hopefully I'll be able to re-enable in the future. -Applied "apply future recommended settings automatically". We are tightening our email authentication and repudiation settings and so the last three options are not 100% positive. We have enabled the "protect against spoofing of employee names" roughly a year ago. Due to a misconfigured server's SMTP settings, we needed to disable this feature last 2018. It took more than 24 hours to be disabled. It took more than 48 hours. More than 72 hours. More than a week! Other Comments -As our "Gsuite Admin" I turned these features on when they were made available. I've not received any complaints. -Whitelisting is terrible but necessary. The Google alert center (https://admin.google.com/ac/ac) has an alert type named "phishing in inboxes due to bad whitelist" and that is wonderful. James Farr ā05 Gā12 Director of Information Security and Network Specialist Utica College jfarr () utica edu 315-223-2386
Current thread:
- Gmail Options for SPAM and Phishing James Farr (Apr 09)
- <Possible follow-ups>
- Re: Gmail Options for SPAM and Phishing James Farr (Apr 24)