Educause Security Discussion mailing list archives
Re: Flagging external emails and exceptions
From: "Bandy, John" <jbandy () SAMFORD EDU>
Date: Thu, 1 Oct 2020 01:00:35 +0000
We did something similar and did not flag external mailing list organizations that are used for University business. The montra here is "If it looks like it came from Samford, but has the [EXTERNAL] flag, then it can not be trusted". It has been very successful. We did not put anything in the body because of stories of dissatisfied customers from other schools. We tried (unsuccessfully) for years to train them to hover over the sender (on a mobile device). The EXTERNAL indicator has been very helpful to our customers. John Bandy Chief Information Security Officer Technology Services 205-726-2692<tel:+1205-726-2692> | office 205-726-2692 | fax JBandy () Samford Edu<mailto:JBandy () Samford Edu> Twitter<http://twitter.com/SamfordInfoSec> 800 Lakeshore Drive Birmingham, AL 35229<https://maps.google.com/maps?q=800+Lakeshore+Drive,+Birmingham,+AL+35229,+US> [mford Samford University Logo] From: The EDUCAUSE Security Community Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU> On Behalf Of Blake Brown Sent: Wednesday, September 30, 2020 7:12 PM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: [EXTERNAL]Re: [SECURITY] Flagging external emails and exceptions We applied the external tag last year and have provided a few exceptions, college B2B relationships (BlackBoard, MyEmma, EAB, etc.), which has not been too cumbersome to manage. Most users were ok with it, only a few dissenters. Highly recommended to deploy this as it was easy to train ends users to recognize and (hopefully) think twice before clicking on a link. Thanks, Blake ________________________________ From: The EDUCAUSE Security Community Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU<mailto:SECURITY () LISTSERV EDUCAUSE EDU>> on behalf of Beth Albertson <albertb3 () WWU EDU<mailto:albertb3 () WWU EDU>> Sent: Wednesday, September 30, 2020 5:00 PM To: SECURITY () LISTSERV EDUCAUSE EDU<mailto:SECURITY () LISTSERV EDUCAUSE EDU> <SECURITY () LISTSERV EDUCAUSE EDU<mailto:SECURITY () LISTSERV EDUCAUSE EDU>> Subject: [SECURITY] Flagging external emails and exceptions External Email Colleagues, We are thinking of flagging emails coming in external from our O365 tenant with either a red header at the top of each email or adding something like <EXTERNAL> to the subject line. I wanted to ask other schools that are doing this whether they are adding exceptions for external organizations that are trusted. For example, we use Jira, and I thought we could add this to an exception list. Some have argued that maintaining such a list could be cumbersome and could potentially confuse users because some external emails would be flagged and others would not. Does anyone have experience or thoughts on this matter? Sincerely, Beth Albertson, CISSP(r), PMP(r) Director of Information Security Western Washington University beth.albertson () wwu edu<mailto:beth.albertson () wwu edu> ********** Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the person who sent the message, copy and paste their email address and forward the email reply. Additional participation and subscription information can be found at https://www.educause.edu/community<https://secure-web.cisco.com/1G4sWFelT6nkjt1m_lRrX5H4oM72-qQRruozHNhTahWNcs9tPByCYSTovTQ-u246Lm3uT98Zk_oSLyZf1PCqfrjBXdidAmIh6BKLKjsmOYrdZTlRZu7wWzgJSYp_-l7vkr04ECPrRRLcPqHOE2_Y3P_T7KHOgJhnR6QsftUDMd2NBkqUs2kiKetg_39XzxjviTpnNOedBjejXzONg120C02YQi4n-JLTHBAgPzkiqh0VszWi0v0m1sV3ym7cj0YwGlk8eMpyKHe--ZxmsVnfpdwD5HGPK4ptdy5lA8iP-dJlqmxAnEna47ezAP3X1FM-Q/https%3A%2F%2Fwww.educause.edu%2Fcommunity> ********** Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the person who sent the message, copy and paste their email address and forward the email reply. Additional participation and subscription information can be found at https://www.educause.edu/community<https://secure-web.cisco.com/1G4sWFelT6nkjt1m_lRrX5H4oM72-qQRruozHNhTahWNcs9tPByCYSTovTQ-u246Lm3uT98Zk_oSLyZf1PCqfrjBXdidAmIh6BKLKjsmOYrdZTlRZu7wWzgJSYp_-l7vkr04ECPrRRLcPqHOE2_Y3P_T7KHOgJhnR6QsftUDMd2NBkqUs2kiKetg_39XzxjviTpnNOedBjejXzONg120C02YQi4n-JLTHBAgPzkiqh0VszWi0v0m1sV3ym7cj0YwGlk8eMpyKHe--ZxmsVnfpdwD5HGPK4ptdy5lA8iP-dJlqmxAnEna47ezAP3X1FM-Q/https%3A%2F%2Fwww.educause.edu%2Fcommunity> ********** Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the person who sent the message, copy and paste their email address and forward the email reply. Additional participation and subscription information can be found at https://www.educause.edu/community
Current thread:
- Flagging external emails and exceptions Beth Albertson (Sep 30)
- Re: Flagging external emails and exceptions Blake Brown (Sep 30)
- Re: Flagging external emails and exceptions Bandy, John (Sep 30)
- Re: [External] [SECURITY] Flagging external emails and exceptions Gregg, Christopher S. (Sep 30)
- Re: Flagging external emails and exceptions Blake Brown (Sep 30)