[unisog] Using Constant Contact campaigns and dealing with spam/content filters

Bob Kalal kalal.1 at osu.edu
Tue Nov 23 02:32:27 GMT 2010


With Jeff or not, our universities have business processes and needs and we are a part of those universities. As security professionals, we should work with the stakeholders to help ensure that the needs are met in a secure fashion. Security is not an end in itself but a contributor to the university mission. If our stakeholders make bad choices, we should help to educate them rather than "block up the way". In any case "... frankly I don't care..." is not an acceptable response for a security professional in any universe.

Bob Kalal

On Nov 22, 2010, at 10:52 AM, Cathleen Carroll wrote:

> I’m with Jeff Krell.  I kept receiving mail from an organization that I had never dealt with, and didn’t want anything to do with, that was using Constant Contact.  I also received email from a couple groups that I had had dealings with, but no longer wanted to get mail from, that were using Constant Contact, but didn’t seem to be respecting the “remove me from your email” requests.  I finally contacted Constant Contact and asked to be removed from ALL of their mailing lists. 
>  
> Shortly after, I noticed that one of our departments was using Constant Contact for some things, but frankly, I don’t care.  The university has its own in-house email service, where mailings have to be approved before being mailed to hundreds or thousands of affiliates.  If those services aren’t adequate, then departments can work to have our central IT group improve them. 
>  
> That said, I would like to understand what Constant Contact is offering that departments think they can’t get in-house.
>  
> C. Carroll
> IR Systems Administrator
> Princeton University
>  
>  
> From: unisog-bounces at lists.dshield.org [mailto:unisog-bounces at lists.dshield.org] On Behalf Of Bob Kalal
> Sent: Friday, November 19, 2010 8:56 PM
> To: UNIversity Security Operations Group
> Subject: Re: [unisog] Using Constant Contact campaigns and dealing with spam/content filters
>  
> That's a pretty cavalier response to a legitimate university business process. A rationally developed university policy worked out in consultation with the stakeholders would probably be a better approach.
>  
> Bob Kalal
>  
>  
> On Nov 17, 2010, at 4:58 PM, Jeff Kell wrote:
> 
> 
> On 11/17/2010 1:36 AM, McLaughlin, Bryan S. wrote:
> We too are currently struggling with how to allow unsolicited email back into the campus to support various University campaigns.  We have various units using various outsource bulk email companies sending email to University staff, faculty, and students and inevitably it is block by our spam filters.  Whitelisting has become an all too common approach to solving this issue.  The problem is our whitelist entries at Postini never get removed.  We have asked the campaign managers if we can insert specific header records in messages, as this is the preferred Postini method of whitelisting, however that is not possible in most cases.
> 
> Spam is spam :-)  We get financial aid progress reports, admissions acceptance letters,  fac/staff newsletters, etc that we generate ourselves reported as spam.  If someone wants an outside agency to attempt to do a more believable job of an email campaign, caveat emptor.
> 
> Jeff
> _______________________________________________
> unisog mailing list
> unisog at lists.dshield.org
> https://lists.sans.org/mailman/listinfo/unisog
>  
> _______________________________________________
> unisog mailing list
> unisog at lists.dshield.org
> https://lists.sans.org/mailman/listinfo/unisog

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.sans.org/pipermail/unisog/attachments/20101122/982b5394/attachment.htm 


More information about the unisog mailing list