> 3. Spammers abusing your webmail and/or remote message submission service
> using phished credentials.
>

I'll admit .. this has happened a few times too. Usually we see the incoming phish attempt and configure an outbound block for RE: (same subject) and it never fails .. we catch at least one person that responds. We've seriously considered sending our own phishing emails with a link that automatically disables anyone's account if they click it.

> If your incoming spam blocks are effective then forwarding shouldn't be
> too much of a problem.
>

Never-ending game of cat & mouse. Our volume is 1.5-2m msg/day, and I'd say we catch ~95% of it .. but when a batch gets through and a third of our students have mail forwarded to Yahoo, from Yahoo's point-of-view, they just got 10,000 spam from our IPs.

> For on-campus bots, block port 25 and ensure your MX servers can't be used
> as outgoing relays

We do that, as well as run daily reports on outbound ACL denies to see who's been compromised (or being naughty on purpose).

> (i.e. put your outgoing relay service on a separate
> address). If you are lucky your colleagues chose a really obscure name
> (not mail.* or smtp.* etc.)

They did.

> To protect against phished accounts, apply rate-limits to outgoing email.
> If you have good on-campus security hygiene then you can be much less
> strict about the limits for on-campus connections.
>

Anyone know how to do this in Domino off-hand? (without sending IBM a fat check) .. if so, I'd love to hear about it so I can tell our Lotus admins.

Cheers,

Michael Holstein
Cleveland State University
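An added example, not part of the original message and not Domino-specific: a sketch of the outgoing rate limit discussed above, capping recipients per authenticated account in a sliding window with a looser cap for on-campus connections. The network range, limits, window, account names and the `OutboundLimiter` and `replay` helpers are all assumptions made for illustration.

```python
import ipaddress
from collections import defaultdict, deque

# Assumed values for illustration; tune to local policy.
CAMPUS_NETS = [ipaddress.ip_network("192.0.2.0/24")]  # documentation range as a stand-in
LIMITS = {"on_campus": 500, "off_campus": 50}          # recipients allowed per window
WINDOW = 3600                                           # window length in seconds

class OutboundLimiter:
    """Sliding-window cap on recipients per authenticated account."""

    def __init__(self, limits=LIMITS, window=WINDOW, campus_nets=CAMPUS_NETS):
        self.limits, self.window, self.campus_nets = limits, window, campus_nets
        self.events = defaultdict(deque)  # account -> deque of (timestamp, rcpt_count)
        self.totals = defaultdict(int)    # account -> recipients currently in the window

    def zone(self, client_ip):
        addr = ipaddress.ip_address(client_ip)
        return "on_campus" if any(addr in n for n in self.campus_nets) else "off_campus"

    def check(self, account, client_ip, rcpt_count, now):
        """Return True to accept the message, False to defer it."""
        q = self.events[account]
        # Expire entries that have left the window.
        while q and q[0][0] <= now - self.window:
            self.totals[account] -= q.popleft()[1]
        # The cap follows the current connection, so off-campus use is always strict.
        if self.totals[account] + rcpt_count > self.limits[self.zone(client_ip)]:
            return False  # deferred attempts are not added to the account's total
        q.append((now, rcpt_count))
        self.totals[account] += rcpt_count
        return True

def replay(submissions, limiter=None):
    """Run (time, account, ip, rcpts) tuples through the limiter; count deferrals."""
    limiter = limiter or OutboundLimiter()
    deferred = defaultdict(int)
    for now, account, ip, rcpts in submissions:
        if not limiter.check(account, ip, rcpts, now):
            deferred[account] += 1
    return dict(deferred)

# Constructed sample: an off-campus burst on one account, normal on-campus use on another.
SAMPLE = [(t, "student1", "203.0.113.9", 20) for t in range(0, 50, 10)] + \
         [(t, "staff7", "192.0.2.40", 20) for t in range(0, 50, 10)]

if __name__ == "__main__":
    print(replay(SAMPLE))
```

Accounts that show up in the deferral counts are candidates for the same follow-up as the outbound ACL deny report mentioned in the message.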

