Educause Security Discussion mailing list archives

Re: Gmail Options for SPAM and Phishing


From: James Farr <jfarr () UTICA EDU>
Date: Wed, 24 Apr 2019 15:08:40 +0000

Thank you for those who responded.  Sorry it took so long to get this out. I am not sure we received enough responses 
to draw any conclusions. I am open to additional online or offline discussions.

Q1 Enhanced Pre-delivery Message Scanning

Enabled 5 (71%)
Disabled 2 (29%)

Comment
If users find this feature needs too great of a delay, they can always use office phones, Hangouts, etc.

Q2 SPAM Options

Aggressive SPAM Filtering 4 (57.1%)
Bypass Internal Senders 4 (57.1%)
Bypass Approved Senders 6 (85.7%)
Quarantine Message 2 (28.6%)

Q3 Use of Aggressive SPAM Filtering

We currently use Aggressive SPAM filtering 1 (14.3%)
We are considering using Aggressive SPAM filtering 0
We have no plans on enabling Aggressive SPAM filtering 3 (42.9%)
We previously enabled Aggressive SPAM filtering, but later disabled it. 3 (42.9%)

Comments on SPAM Options
-We've got some various addresses that we've whitelisted (Canvas, Box, etc.)
-We were a Postini customer prior to Google buying them. Once converted to Google, we had a horrible experience. We tried 
every setting possible to help with the email threats we were receiving, and finally decided to ditch Google, and 
purchased Proofpoint. Since we transitioned to Proofpoint, in about a year, we've only had to send one advisory email, 
versus 2-4 a week with Google. If you talk to someone like Gartner, they will say you need more of a third-party to 
handle your email security if you want granular control and more visibility. I cannot tell you enough, you need a 
different service than what Google provides.
-Only a handful of instances have prompted feedback from users about mail that they wished had been labeled as spam and 
had never entered their inboxes.

Q4 Attachment features enabled? 

Disable all settings 4 (66.7%)
Enable All Settings 3 (50%)
Protect against Encrypted Attachments Warning Message 3 (50%)
Protect against Encrypted Attachments Filter to SPAM 3 (50%)
Protect against attachments with script Warning Message 3 (50%)
Protect against attachments with script Filter to SPAM 3 (50%)

Comments on Attachments Protection
Applied "apply future recommended settings automatically". We are considering this and have never enabled them before.

Q5 Links and External Images

Disable All Settings 3 (50%)
Enable All Settings 3 (50%)
Identify links behind Shortened URLs 4 (66.7%)
Scan Linked Images 4 (66.7%)
Show Warning Prompt for any click on link 4 (66.7%)

Comments on Links
Applied "apply future recommended settings automatically" also. 

Q6 Spoofing and authentication

Disable all settings 4 (80%)
Enable all settings 1 (20%)
Protection against domain spoofing 2 (40%)
Protect against spoofing of employee name 2 (40%)
Protect against inbound email spoofing 1 (20%)
Protect against any unauthenticated email 1 (20%)

Comments on Spoofing
-We're still exploring using DKIM. We're not there yet. I really like the protection of domain/employees names.
-I've had this enabled in the past, but had to disable it. The warnings were freaking people out and we simply couldn't 
keep up with the questions associated with them. It seems the warnings related to attachments are well understood and 
don't freak people out. When it comes to spoofing, etc., they don't really know what to make of it. Hopefully I'll be 
able to re-enable in the future.
-Applied "apply future recommended settings automatically". We are tightening our email authentication and repudiation 
settings and so the last three options are not 100% positive.

We have enabled the "protect against spoofing of employee names" roughly a year ago. Due to a misconfigured server's 
SMTP settings, we needed to disable this feature last 2018. It took more than 24 hours to be disabled. It took more 
than 48 hours. More than 72 hours. More than a week!

Other Comments
-As our "Gsuite Admin" I turned these features on when they were made available. I've not received any complaints.
-Whitelisting is terrible but necessary. The Google alert center (https://admin.google.com/ac/ac) has an alert type 
named "phishing in inboxes due to bad whitelist" and that is wonderful.

James Farr ’05 G’12
Director of Information Security and Network Specialist
Utica College 
jfarr () utica edu
315-223-2386

