coe-staff: Avoiding Email Bounces and Spam

Ken Loge kloge at uoregon.edu
Wed Nov 20 17:23:18 PST 2013


You may be aware of recent campuswide problems with bounced email messages. This problem was caused by a small number of people who believed they needed to submit their email account credentials to a non-University of Oregon website. (The forwarded email below provides more details as to the cause of the problem.)

The safest email practice is to never respond to unexpected messages from domains that do not end in uoregon.edu. If you are ever in doubt as to the authenticity of an email message, please do not hesitate to contact the COE IT staff: Jeff Woodbury (jeffreyw at uoregon.edu), Ken Loge (kloge at uoregon.edu), John Flannagan (johnf at uoregon.edu), or Ryan Ferran (rferran at uoregon.edu). We will be happy to help you sort it out.

Regards,

The COE IT Staff


Begin forwarded message:

From: Mark Messenger <messenge at uoregon.edu>
Subject: Email bounces to external domains
Date: November 20, 2013 at 12:06:30 PM PST
To: UO Exchange Admins <UO-EXCH-Admins at uoregon.edu>
Cc: "Commvault (is-cv-cs1)" <systems at uoregon.edu>

Recently, email messages sent from @uoregon.edu addresses to external recipient domains have bounced. This issue has affected people in nearly every department across campus. This email outlines one of the causes of bounces and what you can do to decrease the chance of them happening in the future.

Last weekend a phishing email went out to many uoregon recipients. This phishing email claimed that the University was implementing a new email system and that we needed everyone to visit a non-US website and enter their username and password into a form. Several people fell for this ruse and surrendered their credentials. Spammers have used those credentials to impersonate the affected users and send more spam/phish emails to other organizations. Manual and automated systems at some of those destinations detected that our domain (uoregon.edu) was sending a lot of spam and submitted us to various blacklists. Since we in central IS do not control these blacklists, and since the recent rounds of spam have shot our organizational credibility in the foot, we have little choice but to wait out the blacklisting. This should happen ~48 hours after the compromised accounts stop sending spam. As of this morning, that would be sometime on Friday.


Prevention is simple. Instruct/remind your users not to give out their password to non-uoregon.edu sites.


Thank you,

Mark Messenger
Exchange Administrator