Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2101
Views
0
Helpful
1
Replies

Distribution Lists and Quarantine: Best Practices

slm04747
Beginner
Beginner

‎09-13-2013 10:57 AM

Our users have gotten comfrotable with their personal quarantines, but for those users managing internal Distribution lists, logging into the quarantine for teh DL is an issue.  We are considering crating a new Policy for DL's.

Our current policy for users is

Positive SPAM – Drop

Suspect Spam – Quarantine

Viruses – Drop

Marketing – Quarantine and mark invisibly (tag in the headers)

For this new policy for distribution Lists, we would:

Positive SPAM – Drop

Suspect SPAM – Mark visibly (in the Subject)

Viruses – Drop

Marketing – Mark Invisibly (in the headers)

Is this a reasonable approach?  Are there other (better?) options?

Thanks

Steve Moss

Pomona College

Labels:
0 Helpful
1 Reply 1

Bob Fayne
Beginner
Beginner

‎09-23-2013 12:49 PM

No one has replied to this yet so I'll test the waters. That seems like a reasonable approach, where you have a slightly more open policy to avoid the quarantine. Exactly what you might want to do depends on your particular environment. Without knowing more what you propose seems reasonable.

Here's a couple of things to think about...

1) Make sure that all DLs really need to be hit from the outside. If you can make a DL internal-only, that solves the problem quickly.

2) Obviously in an educational environment there is going to be quite a bit of concern about missed messages but I have always found the false positive rate from IPAS to be very low. Perhaps some DLs deal with financial information and need extra care but you might find that some DLs can have a tighter set of rules applied.

3) Consider the effect of spam/phishing messages now getting sent to multiple people instead of one so there is a bit of increased risk with DLs.

4) Try to use other data about the messages to help with the decision. Make sure SBRS scores are being used as they go a long way towards an accurate Spam/Ham decision. If you have a place that is a large volume sender of known good emails then consider using a more open policy for them so that you can use a more restrictive policy as a default.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents