On 10/25/11 10:28 AM, John Gorentz wrote:
> I haven't figured out the best official place to complain about this, so I'll do it here. There is a service alert about some of MSU's mail servers having been blacklisted. The thing is, the first note is dated at 9 a.m. on Monday, and the next update is expected at 8 a.m. on Wednesday. I realize it can take a while to get a server un-blacklisted, but it would be nice to get more details and more frequent updates. In the meantime people are asking me about alternate SMTP servers to use. I don't know if I should tell them to be patient and we'll learn more Wednesday (not an acceptable answer for some people) or if progress is being made and they should keep trying to send their e-mails, or what.
>
> John Gorentz
> W.K. Kellogg Biological Station
>
>
John,
The official place to inquire (or complain) would be our help desk via
phone or contact form as you prefer. That aside, here's the rundown:
Last week MSU users were targeted several times by phishing emails;
forms-based for the most part. In particular, there was an effective
phish later in the week that resulted in numerous users being
compromised. Such accounts are used in pretty short order to generate
masses of spam, much of which we detect and prevent from going out.
Unfortunately, when a large number of users are compromised,
particularly over a weekend (additional phish attacks were noted on
Friday and on Sunday morning), enough spam is generated through our
servers to result in a diminished mailer reputation - sometimes a number
of our mail servers end up as "Not a trusted source".
We try to be vigilant at the help desk about these attacks. For
instance, I noted a phish in my inbox shortly after 9:00 a.m. on Sunday
and contacted the consultants on duty to arrange as quickly as possible
for on-campus access to the form to be blocked. Nonetheless, there's no
way to know how many users may have responded before the block was put
in place.
The forms-based phishes are particularly challenging because naive users
tend to take the info at face value, click on the link and follow the
instructions and then you have the compromise. We can block access to
these forms from on-campus, but not from off-campus access. And chances
are, if one of these innocent users encounters the phish at night or on a
weekend, they'll access it over their own broadband connection and there
is not a thing we can do to prevent that.
Department ITs may want to regularly remind people they support that
they should never trust such links in emails received. Anyone who
receives advice that they need to "Update their account", "confirm",
"Quota", etc..... should either delete the mail OR contact the Academic
Technology Help Desk to confirm the notification.... One further note is
that Google forms have been popular for this use as of late.
Background aside - the mail team has submitted requests as necessary to
Comcast and other mail services to request that our servers be
unblocked. For the most part Comcast addresses should be working
normally now.
If there are specific email recipient servers of concern, please
contact us.
--
Leo Sell
Academic Technology Help Desk
--
I see in the near future a crisis approaching that unnerves me and cause me to tremble for safety of my country; corporations have been enthroned, an era of corruption in High Places will follow, and the Money Power of the country will endeavor to prolong its reign by working upon the prejudices of the People, until the wealth is aggregated in a few hands, and the Republic destroyed.
ABRAHAM LINCOLN