On 10/25/11 10:28 AM, John Gorentz wrote:
> I haven't figured out the best official place to complain about this, so I'll do it here. There is a service alert about some of MSU's mail servers having been blacklisted. The thing is, the first note is dated at 9 a.m. on Monday, and the next update is expected at 8 a.m. on Wednesday. I realize it can take a while to get a server un-blacklisted, but it would be nice to get more details and more frequent updates. In the meantime people are asking me about alternate SMTP servers to use. I don't know if I should tell them to be patient and we'll learn more Wednesday (not an acceptable answer for some people) or if progress is being made and they should keep trying to send their e-mails, or what.
>
> John Gorentz
> W.K. Kellogg Biological Station
>
>    
John,
The official place to inquire (or complain) would be our help desk via 
phone or contact form as you prefer. That aside, here's the rundown:

Last week MSU users were targeted several times by phishing emails; 
forms-based for the most part. In particular, there was an effective 
phish later in the week that resulted in numerous users being 
compromised. Such accounts are used in pretty short order to generate 
masses of spam, much of which we detect and prevent from going out. 
Unfortunately, when a large number of users are compromised, 
particularly over a weekend (additional phish attacks were noted on 
Friday and on Sunday morning), enough spam is generated through our 
servers to result in a diminished mailer reputation - sometimes a number 
of our mail servers end up as "Not a trusted source".

We try to be vigilant at the help desk about these attacks. For 
instance, I noted a phish in my inbox shortly after 9:00 a.m. on Sunday 
and contacted the consultants on duty to arrange as quickly as possible 
for on-campus access to the form to be blocked. Nonetheless, there's no 
way to know how many users may have responded before the block was put 
in place.

The forms-based phishes are particularly challenging because naive users 
tend to take the info at face value, click on the link and follow the 
instructions and then you have the compromise. We can block access to 
these forms from on-campus, but not from off-campus access. And chances 
are, if one of these innocent users encounters the phish at night or on a 
weekend, they'll access it over their own broadband connection and there 
is not a thing we can do to prevent that.

Department ITs may want to regularly remind people they support that 
they should never trust such links in emails received. Anyone who 
receives advice that they need to "Update their account", "confirm", 
"Quota", etc..... should either delete the mail OR contact the Academic 
Technology Help Desk to confirm the notification.... One further note is 
that Google forms have been popular for this use as of late.

Background aside - the mail team has submitted requests as necessary to 
Comcast and other mail services to request that our servers be 
unblocked. For the most part Comcast addresses should be working 
normally now.

If there are specific email recipient servers of concern, please 
contact us.


-- 
Leo Sell
Academic Technology Help Desk
--
I see in the near future a crisis approaching that unnerves me and causes me to tremble for the safety of my country; corporations have been enthroned, an era of corruption in High Places will follow, and the Money Power of the country will endeavor to prolong its reign by working upon the prejudices of the People, until the wealth is aggregated in a few hands, and the Republic destroyed.

ABRAHAM LINCOLN