Re: Email Banner

["Douglas R. Lomsdalen" <dlomsdal () CALPOLY EDU>]

Today was “Day 1” of enabling [EXTERNAL] in the subject line within our IT organization for testing/tuning (before 
rolling out campus-wide).  The timing of this email topic was perfect.

The downside is long subject lines; here’s the subject line before I edited it:  Re: [EXTERNAL] Re: [SECURITY] Email 
Banner

We chose not to use the Banner inside the email.
Doug
Douglas R. Lomsdalen
Information Security Officer
Information Technology Services
Cal Poly San Luis Obispo
1 Grand Avenue
San Luis Obispo, CA 93407-0007
_____
email dlomsdal () calpoly edu<mailto:dlomsdal () calpoly edu>
www.calpoly.edu <http://www.calpoly.edu>



From: The EDUCAUSE Security Community Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU> on behalf of "Fowler, Becky 
Thurmond" <becky () MISSOURI EDU>
Reply-To: The EDUCAUSE Security Community Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU>
Date: Wednesday, June 24, 2020 at 9:58 AM
To: "SECURITY () LISTSERV EDUCAUSE EDU" <SECURITY () LISTSERV EDUCAUSE EDU>
Subject: [EXTERNAL] Re: [SECURITY] Email Banner

We just did this last week and it’s been really difficult.  End users hate it because our banner takes up all of the 
preview space on mobile devices and in mail clients.  They also quibble with our wording.  And we had a number of 
requests to whitelist external senders that are clearly external but are in some kind of business relationship with us, 
so now we’re in the middle of exception request hell.

Our current banner is this:

WARNING: This message has originated from an External Source. This may be a phishing expedition that can result in 
unauthorized access to our IT System. Please use proper judgment and caution when opening attachments, clicking links, 
or responding to this email.

We’re considering shortening it or going to subject line tagging.  It’s a work in progress.
Becky


Becky Fowler
Interim Chief Information Security Officer
Division of IT
University of Missouri

From: The EDUCAUSE Security Community Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Blake Brown
Sent: Wednesday, June 24, 2020 11:18 AM
To: SECURITY () LISTSERV EDUCAUSE EDU<mailto:SECURITY () LISTSERV EDUCAUSE EDU>
Subject: Re: [SECURITY] Email Banner

External Email: Do not click any links or open any attachments unless you trust the sender and know the content is safe.
We implemented this last year along with follow up communications on the how and why of it. This small change has 
provided a noticeable improvement with end user security and reduced link clicking on external emails. Like others we 
had a small group who did not like it but the net effect was positive.

~Blake

________________________________
From: The EDUCAUSE Security Community Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU<mailto:SECURITY () LISTSERV 
EDUCAUSE EDU>> on behalf of Boyd, Daniel <dboyd () BERRY EDU<mailto:dboyd () BERRY EDU>>
Sent: Wednesday, June 24, 2020 8:15 AM
To: SECURITY () LISTSERV EDUCAUSE EDU<mailto:SECURITY () LISTSERV EDUCAUSE EDU> <SECURITY () LISTSERV EDUCAUSE 
EDU<mailto:SECURITY () LISTSERV EDUCAUSE EDU>>
Subject: Re: [SECURITY] Email Banner

External Email

We have implemented an external email banner, as you can see below. While it has not made huge improvements in user 
behavior (and some users will just never “get it”) it has made a positive impact and I have (non-OIT) users who mention 
the fact that “that email had the big yellow banner on it” when discussing the validity of a given email.



I see it as another layer, but definitely not a silver bullet and there of course have been complaints leveled at it 
due to the fact that users can’t preview emails in the email list anymore because many emails start with the banner so 
they all look the same until they are opened.



But net positive effect so far.



Dan





Daniel H. Boyd (94C)
Director of Information Security

Office of Information Technology

Information Security Advisory Group Chair
Berry College
Phone: 706-236-1750
Fax:     706-238-5824

https://infosec.berry.edu<https://infosec.berry.edu/>

There are two rules to follow concerning your account passwords:
1. NEVER SHARE YOUR PASSWORDS WITH ANYONE (EVEN OIT!!!!)
2. If unsure, consult rule #1



Information Security wants to know what you want to know about! If there is a topic within information security you 
would like to know more about please let me know using any of my contact information above.







From: The EDUCAUSE Security Community Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU<mailto:SECURITY () LISTSERV 
EDUCAUSE EDU>> On Behalf Of Ballister, Mark
Sent: Wednesday, June 24, 2020 10:53 AM
To: SECURITY () LISTSERV EDUCAUSE EDU<mailto:SECURITY () LISTSERV EDUCAUSE EDU>
Subject: [SECURITY] Email Banner



CAUTION: This email originated from outside of the Berry College organization. Do not click links or open attachments 
unless you know the content is safe. Email infosec () berry edu<mailto:infosec () berry edu> if in doubt.

Good afternoon,



I am looking for information on who has implemented an external email banner and who has not.  For those that have, 
have you seen an improvement in user behavior around phishing?  Thank you for your time.



Thank you,

Mark



Mark J. Ballister, CPP | CISM | CISSP

Chief Information Security Officer (CISO)

University of Rochester

(585) 276-6200 (Office)

(585) 472-2361 (mobile)



[UR.4col.v2]



**********
Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the 
person who sent the message, copy and paste their email address and forward the email reply. Additional participation 
and subscription information can be found at https://www.educause.edu/community

**********
Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the 
person who sent the message, copy and paste their email address and forward the email reply. Additional participation 
and subscription information can be found at https://www.educause.edu/community

**********
Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the 
person who sent the message, copy and paste their email address and forward the email reply. Additional participation 
and subscription information can be found at https://www.educause.edu/community

**********
Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the 
person who sent the message, copy and paste their email address and forward the email reply. Additional participation 
and subscription information can be found at https://www.educause.edu/community

**********
Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the 
person who sent the message, copy and paste their email address and forward the email reply. Additional participation 
and subscription information can be found at https://www.educause.edu/community

**********
Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the 
person who sent the message, copy and paste their email address and forward the email reply. Additional participation 
and subscription information can be found at https://www.educause.edu/community