Re: Notifications of external emails

[Frank Barton <bartonf () HUSSON EDU>]

I have seen an increasing an increasing number of institutions (Mostly
outside of Higher Ed) that are appending a footer to all messages that come
from outside saying 'This message came from an external source, be careful"

here's one from our local hospital

[image: Inline image 1]

The problem comes then from modifying the body of the message, and that can
invalidate digital signatures (DKIM, S/MIME for example)

Frank

On Wed, Feb 8, 2017 at 11:19 AM, Harris, Brent <BHarris () umhb edu> wrote:

> Interesting topic – haven’t tried this but brainstorming and googling
> brings a couple of thoughts:
>
>
>
> Exchange Message Classification might be useful for this (if you’re
> running Exchange).
>
>
>
> You might be able to use your inbound email scanner to inject text into
> the header, that would not be seen by the end user, and use that header
> text to trigger a rule that would categorize or format those message to
> signify that it came from outside the organization.
>
>
>
> Brent Harris
>
> Vice President for Information Technology
>
> University of Mary Hardin-Baylor
>
>
>
> *From:* The EDUCAUSE Security Constituent Group Listserv [mailto:
> SECURITY () LISTSERV EDUCAUSE EDU] *On Behalf Of *Thomas Carter
> *Sent:* Wednesday, February 8, 2017 9:18 AM
>
> *To:* SECURITY () LISTSERV EDUCAUSE EDU
> *Subject:* Re: [SECURITY] Notifications of external emails
>
>
>
> This is more to combat the traditional “HR is validating your last
> paycheck. Click the link and enter your account info” type of phishing.
> Something procedural will get generally ignored by many departments when
> sending out emails, so we’re looking for something more automatic.
>
>
>
> *Thomas Carter*
> Network & Operations Manager / IT
>
> *Austin College*
> 900 North Grand Avenue
> Sherman, TX 75090
>
> Phone: 903-813-2564 <(903)%20813-2564>
> www.austincollege.edu
>
> [image: http://www.austincollege.edu/images/AusColl_Logo_Email.gif]
>
>
>
> *From:* The EDUCAUSE Security Constituent Group Listserv [
> mailto:SECURITY () LISTSERV EDUCAUSE EDU <SECURITY () LISTSERV EDUCAUSE EDU>] *On
> Behalf Of *Napier, Mark E
> *Sent:* Wednesday, February 8, 2017 9:04 AM
> *To:* SECURITY () LISTSERV EDUCAUSE EDU
> *Subject:* Re: [SECURITY] Notifications of external emails
>
>
>
> What about encouraging or requiring your users to use S/MIME to sign their
> emails? That would also cover the situation in which a machine on the
> internal network is engaged in pushing. (In most cases, anyway)
>
>
>
> --
>
> Mark E. Napier   MIS, CIPT
>
> Deputy Director of Information Technology /
>
> Chief Information Privacy and Security Officer
>
> School of Informatics and Computing
>
> Indiana University
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
> On Feb 8, 2017, at 9:57 AM, Thomas Carter <tcarter () AUSTINCOLLEGE EDU
> <tcarter () austincollege edu>> wrote:
>
>
>
> We are trying to combat phishing by making users more aware of emails that
> come from outside campus vs internal emails. We’ve trialed using a mail
> rule to modify the subject line and prepend a flag (like “EXTERNAL:” or
> similar) but users complained it caused confusion (?) and they didn’t like
> emails to be modified. I suspect a disclaimer added to the body of the
> message would be either ignored or disliked for the same reasons.
>
>
>
> Has anyone else done something to somehow flag external emails? What was
> the feedback? How well does it work?
>
>
>
> *Thomas Carter*
> Network & Operations Manager / IT
>
> *Austin College*
> 900 North Grand Avenue
> Sherman, TX 75090
>
> Phone: 903-813-2564 <(903)%20813-2564>
> www.austincollege.edu
>
> <image001.gif>



-- 
Frank Barton
ACMT
IT Systems Administrator
Husson University