Re: Flagging external emails and exceptions

["Bandy, John" <jbandy () SAMFORD EDU>]

We did something similar and did not flag external mailing list organizations that are used for University business.

The montra here is "If it looks like it came from Samford, but has the [EXTERNAL] flag, then it can not be trusted".

It has been very successful.  We did not put anything in the body because of stories of dissatisfied customers from 
other schools.

We tried (unsuccessfully) for years to train them to hover over the sender (on a mobile device).  The EXTERNAL 
indicator has been very helpful to our customers.

John Bandy
Chief Information Security Officer
Technology Services

205-726-2692<tel:+1205-726-2692> | office
205-726-2692 | fax
JBandy () Samford Edu<mailto:JBandy () Samford Edu>
Twitter<http://twitter.com/SamfordInfoSec>
800 Lakeshore Drive
Birmingham, AL 35229<https://maps.google.com/maps?q=800+Lakeshore+Drive,+Birmingham,+AL+35229,+US>

[mford Samford University Logo]



From: The EDUCAUSE Security Community Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU> On Behalf Of Blake Brown
Sent: Wednesday, September 30, 2020 7:12 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [EXTERNAL]Re: [SECURITY] Flagging external emails and exceptions

We applied the external tag last year and have provided a few exceptions, college B2B relationships (BlackBoard, 
MyEmma, EAB, etc.), which has not been too cumbersome to manage. Most users were ok with it,  only a few dissenters.

Highly recommended to deploy this as it was easy to train ends users to recognize and (hopefully) think twice before 
clicking on a link.

Thanks,
Blake

________________________________
From: The EDUCAUSE Security Community Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU<mailto:SECURITY () LISTSERV 
EDUCAUSE EDU>> on behalf of Beth Albertson <albertb3 () WWU EDU<mailto:albertb3 () WWU EDU>>
Sent: Wednesday, September 30, 2020 5:00 PM
To: SECURITY () LISTSERV EDUCAUSE EDU<mailto:SECURITY () LISTSERV EDUCAUSE EDU> <SECURITY () LISTSERV EDUCAUSE 
EDU<mailto:SECURITY () LISTSERV EDUCAUSE EDU>>
Subject: [SECURITY] Flagging external emails and exceptions

External Email

Colleagues,



We are thinking of flagging emails coming in external from our O365 tenant with either a red header at the top of each 
email or adding something like <EXTERNAL> to the subject line.  I wanted to ask other schools that are doing this 
whether they are adding exceptions for external organizations that are trusted.  For example, we use Jira, and I 
thought we could add this to an exception list.  Some have argued that maintaining such a list could be cumbersome and 
could potentially confuse users because some external emails would be flagged and others would not.  Does anyone have 
experience or thoughts on this matter?



Sincerely,



Beth Albertson, CISSP(r), PMP(r)

Director of Information Security

Western Washington University

beth.albertson () wwu edu<mailto:beth.albertson () wwu edu>

**********
Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the 
person who sent the message, copy and paste their email address and forward the email reply. Additional participation 
and subscription information can be found at 
https://www.educause.edu/community<https://secure-web.cisco.com/1G4sWFelT6nkjt1m_lRrX5H4oM72-qQRruozHNhTahWNcs9tPByCYSTovTQ-u246Lm3uT98Zk_oSLyZf1PCqfrjBXdidAmIh6BKLKjsmOYrdZTlRZu7wWzgJSYp_-l7vkr04ECPrRRLcPqHOE2_Y3P_T7KHOgJhnR6QsftUDMd2NBkqUs2kiKetg_39XzxjviTpnNOedBjejXzONg120C02YQi4n-JLTHBAgPzkiqh0VszWi0v0m1sV3ym7cj0YwGlk8eMpyKHe--ZxmsVnfpdwD5HGPK4ptdy5lA8iP-dJlqmxAnEna47ezAP3X1FM-Q/https%3A%2F%2Fwww.educause.edu%2Fcommunity>

**********
Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the 
person who sent the message, copy and paste their email address and forward the email reply. Additional participation 
and subscription information can be found at 
https://www.educause.edu/community<https://secure-web.cisco.com/1G4sWFelT6nkjt1m_lRrX5H4oM72-qQRruozHNhTahWNcs9tPByCYSTovTQ-u246Lm3uT98Zk_oSLyZf1PCqfrjBXdidAmIh6BKLKjsmOYrdZTlRZu7wWzgJSYp_-l7vkr04ECPrRRLcPqHOE2_Y3P_T7KHOgJhnR6QsftUDMd2NBkqUs2kiKetg_39XzxjviTpnNOedBjejXzONg120C02YQi4n-JLTHBAgPzkiqh0VszWi0v0m1sV3ym7cj0YwGlk8eMpyKHe--ZxmsVnfpdwD5HGPK4ptdy5lA8iP-dJlqmxAnEna47ezAP3X1FM-Q/https%3A%2F%2Fwww.educause.edu%2Fcommunity>

**********
Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the 
person who sent the message, copy and paste their email address and forward the email reply. Additional participation 
and subscription information can be found at https://www.educause.edu/community