[unisog] Phishing targeting University Admissions

Joseph Brennan brennan at columbia.edu
Wed Jun 16 15:43:33 GMT 2004



--On Wednesday, June 16, 2004 10:49 AM -0400 Valdis.Kletnieks at vt.edu wrote:

> On Mon, 14 Jun 2004 09:19:09 EDT, Joseph Brennan <brennan at columbia.edu>
> said:
>
>> Do you have the header portion?  I assume it claimed to be from an
>> address at your school but really came from somewhere else.  Some
>> general rule might be made to filter out such mail.
>
> Note that unless your site is sufficiently clued to do something like
> provide SMTP-AUTH on port 587, that general rule would effectively
> break any roaming user, or user that wants to use a @your.edu address
> while sending from their ISP at home.


Correct.  I did assume that.  I wish clients defaulted to 587.
It's been an alleged standard for a few years now.

I tested for a few hours by logging senders and relays of mail
claiming to be from columbia.edu but sent neither from campus nor
with smtp auth.  They all appeared to be real users sending from
ISPs that route outgoing mail through their own servers.  It may
be that using port 587 would have got around that but the ISPs
could capture that too any time.

Joseph Brennan
Academic Technologies Group, Academic Information Systems (AcIS)
Columbia University in the City of New York





More information about the unisog mailing list