GCSU server blacklisted after e-mail identity theft

A GCSU campus community member’s e-mail was recently used to send mass quantities of spam messages causing GCSU e-mail addresses to be blacklisted.

Being blacklisted means that the school e-mail domain (www.gcsu.edu) was considered harmful to Internet users for a time, meaning many other domains could not communicate with the school’s e-mail domain.

Many of the faculty and staff members had problems e-mailing their students and others during this time.

Denene Bartlett, administrative assistant of the honor’s program did not have problems e-mailing other students and staff on campus, but had problems e-mailing people off campus due to the blacklisting.

According to Ed Boyd, the head of the information and technology department, a university employee responded to a phishing message causing e-mail identity theft. Phishing messages are e-mails that claim to be authentic and ask for private information from the recipient. This private information can be used for e-mail, as well as regular identity theft.

“In the case we had on campus the user gave out their username and password allowing the person or persons to access and use their e-mail account,” said Charles Taylor, director of network and systems administration.

The identity theft had far-reaching implications for the school’s e-mail system.

“Some of the major commercial spam filtering products used across the Internet began logging the frequency of spam e-mail coming from our domain and blacklisted it,” Boyd said.

Since these commercial spam filters share information across the Internet and the GCSU domain was blacklisted everywhere. Once the problem was identified, the staff applied to have the domain name removed from the lists. Since the incident, the staff has been taking precautions to make sure the GCSU domain is not blacklisted again.

“We subscribed to a commercial ‘white list’ site which should help keep us from getting blacklisted in the event we have another occurrence of this nature,” Boyd said.

The white list site will keep GCSU’s e-mails from being considered spam by major filters by giving them authenticity.

The whole incident demonstrates the struggle that the school faces in fighting identity theft, according to Boyd.

“We need to educate all the e-mail users that they should never send their usernames, passwords or other personal information to anyone through e-mail message,” Boyd said. Boyd warns that no one will never ask a student or anyone else for their username or password via e-mail. If someone asks for this kind of personal information people should realize that it is probably a scam, he said.

Posted by Danielle Paluga on Feb 19 2010. Filed under News. You can follow any responses to this entry through the RSS 2.0. You can leave a response or trackback to this entry