DoIT Changes Spam Filtering
Friday, January 27, 2012
DoIT has recently made us aware that the IronPort appliances, pre-configured servers, that detect and block incoming E-mail considered SPAM or malicious were removed at the New Year. This would correlate with the dramatic increase in SPAM we have been seeing.
According to DoIT, the reason for removing the IronPorts was expense. The New Exchange 2010 system has an integrated filtering solution (i.e. cheaper) based on Cloudmark, however, it has to be 'tuned'. This tuning explains why a steady decrease has occured since the blast after New Year. This 'tweaking' will be on going and hopefully we will get back to IronPort-like screening by the Summer.
In the meantime, DoIT is hoping that users will help with the 'tweaking' process. First they want you to determine if any given message that you do not want is SPAM or if it is a direct attack (PHISHING, contain virus attachment, etc). They have
described the differences online.
After you have defined which, they are hoping that you will create a new message, attach the message in question to it, then if SPAM, send to
.(JavaScript must be enabled to view this email address); if PHISHING, send to
.(JavaScript must be enabled to view this email address).
DO NOT simply forward the problem E-mail, as the message headers are not kept intact. You must
make it an attachment to a new message OR
manually copy the message header from the original and paste that into the one you send to either link.
The more information they get, the more accurate the filters will become. If you have any questions or concerns, please ask DCRC IT.
« Permalink »
Friday, January 27, 2012
DoIT has recently made us aware that the IronPort appliances, pre-configured servers, that detect and block incoming E-mail considered SPAM or malicious were removed at the New Year. This would correlate with the dramatic increase in SPAM we have been seeing.
According to DoIT, the reason for removing the IronPorts was expense. The New Exchange 2010 system uses Cloudmark, however, we have to 'tune' it. This would also explain why each week, although we still see spam, it is getting better as DoIT tweaks what is and isn't allowed. This 'tweaking' will be on going and hopefully we will get back to IronPort-like screening by the Summer.
In the meantime, DoIT is hoping that users will help with the 'tweaking' process. First they want you to determine if any given message that you do not want is SPAM or if it is a direct attack (PHISHING, contain virus attachment, etc). They have
described the differences online.
After you have defined which, they are hoping that you will create a new message, attach the message in question to it, then if SPAM, send to
.(JavaScript must be enabled to view this email address); if PHISHING, send to
.(JavaScript must be enabled to view this email address).
DO NOT simply forward the problem E-mail, as the message headers are not kept intact. You must make it an attachment to a new message OR manually copy the message header from the original and paste that into the one you send to either link.
The more information they get, the more accurate the filters will become. If you have any questions or concerns, please ask DCRC IT.
« Permalink »
Friday, January 27, 2012
DoIT has recently made us aware that the IronPort appliances, pre-configured servers, that detect and block incoming E-mail considered SPAM or malicious were removed at the New Year. This would correlate with the dramatic increase in SPAM we have been seeing.
According to DoIT, the reason for removing the IronPorts was expense. The New Exchange 2010 system uses Cloudmark, however, we have to 'tune' it. This would also explain why each week, although we still see spam, it is getting better as DoIT tweaks what is and isn't allowed. This 'tweaking' will be on going and hopefully we will get back to IronPort-like screening by the Summer.
In the meantime, DoIT is hoping that users will help with the 'tweaking' process. First they want you to determine if any given message that you do not want is SPAM or if it is a direct attack (PHISHING, contain virus attachment, etc). They have
described the differences online.
After you have defined which, they are hoping that you will create a new message, attach the message in question to it, then if SPAM, send to
.(JavaScript must be enabled to view this email address); if PHISHING, send to
.(JavaScript must be enabled to view this email address).
DO NOT simply forward the problem E-mail, as the message headers are not kept intact. You must
make it an attachment to a new message OR
manually copy the message header from the original and paste that into the one you send to either link.
The more information they get, the more accurate the filters will become. If you have any questions or concerns, please ask DCRC IT.
« Permalink »
Monday, January 16, 2012
Starting last year, per the new MU Information Security Office, all MU faculty and staff must change their password annually. DoIT has, to date, sent 2 notices to all users regarding the requirement designating the cut-off date as
Feburary 8th. Anyone who has not changed their password by then, will have their password changed to a random string and you will have to contact DCRC IT or the Campus Helpdesk to get it reset.
This does not apply to Students, who currently do not have a required password change or to Hospital staff who are already on a 6month cycle (please see Hospital IT/Helpdesk for more info). We still recommend that students change their password on periodic basis.
If you have changed your password starting Jan. 1st, then your account has been counted as changed and you do not need to do so again.
Changing your password is as simple as going to
DoIT's website, click
Accounts in the left menu, then
Password Manager in the right menu under
Account & password Tools.
The not-so-simple aspect is that any software or device that you currently have your password setup on, likely in multiple places, will have to have that password updated as well. For example, your cell phone may have both wireless and E-mail setup and you will have to update your password in two different menu area's on the phone.
If you have any questions, concerns or need help changing your password; please contact DCRC IT.
« Permalink »
All DCRC systems active
... although, DoIT has a sched. maint.