ICANN/GNSO GNSO Email List Archives

[council]



[council] FW: [Soac-infoalert] Sharing Links Over Email - Blog by Ashwin Rangan

  • To: GNSO Council List <council@xxxxxxxxxxxxxx>
  • Subject: [council] FW: [Soac-infoalert] Sharing Links Over Email - Blog by Ashwin Rangan
  • From: "James M. Bladel" <jbladel@xxxxxxxxxxx>
  • Date: Thu, 29 Sep 2016 16:39:02 +0000
  • Accept-language: en-US
  • Authentication-results: spf=none (sender IP is ) smtp.mailfrom=jbladel@xxxxxxxxxxx;
  • In-reply-to: <91191119-1B85-43AB-952B-0C63B36263CE@icann.org>
  • List-id: council@xxxxxxxxxxxxxx
  • References: <91191119-1B85-43AB-952B-0C63B36263CE@icann.org>
  • Sender: owner-council@xxxxxxxxxxxxxx
  • Thread-topic: [Soac-infoalert] Sharing Links Over Email - Blog by Ashwin Rangan
  • User-agent: Microsoft-MacOutlook/f.1a.0.160910

Councilors –

Please see the announcement & blog post below, regarding ICANN’s handling of 
community emails.

Thanks—

J.


From: <soac-infoalert-bounces@xxxxxxxxx> on behalf of David Olive <david.olive@xxxxxxxxx>
Date: Thursday, September 29, 2016 at 11:16
Subject: [Soac-infoalert] Sharing Links Over Email - Blog by Ashwin Rangan

Sharing Links Over Email: Security @ ICANN
https://www.icann.org/news/blog/sharing-links-over-email-security-icann

Many of you have read
earlier<https://www.icann.org/news/blog/ciio-perspectives-volume-3>
posts<https://www.icann.org/news/blog/hardening-icann-s-it-and-digital-services>
regarding our ongoing improvements to ICANN's overall cybersecurity. This is a
brief update on some recent security changes we've made to email services, some
of which will be noticeable to many in the ICANN community.

As you are all aware, phishing poses the most pervasive threat to all
organizations defending digital assets. Despite their best efforts, many
organizations (using technical controls or awareness training) are finding that
phishing continues to be the primary vector by which attackers gain a foothold
into corporate networks.

Spear phishing, the individually customized approach to phishing, is even more
effective and harder to spot. Spear phishing emails can lead us to click
hostile links or open file attachments that lead to compromise, data theft or
other losses.

The rapidly emerging sophistication and proliferation of ransomware has also
captured recent headlines. The vast majority of ransomware is delivered via
phishing messages, with either malicious links or file attachments. As such,
defenses used against ransomware largely hinge on email security measures.

So, what security-related email changes have we made here at ICANN, and how do
they affect the community?

Changes of Interest to ALL Community members:

The first change is quite simple, and one that many organizations have already
made. Messages received from outside our domain now have [EXTERNAL] prepended
to the subject line. You may see that tag reflected back in email replies from
our staff or in messages sent to mailing lists. When you see this new tag,
please remember we don't view the community as "external" to ICANN! We are
simply reminding staff to handle messages received from outside senders with
extra care. Organizations typically use these types of tags to help recipients
spot spear phishing messages that might use lookalike domains similar to one of
their own.

The second change is a bit more complicated. You may have recently received a
message in a forwarded or 'reply-to' email from ICANN senders and noticed that
the URL links contained in the message were rewritten.

ICANN IT is using a new tool (Proofpoint URL Defense) to help protect email
users from malicious URLs in messages. This service scans our incoming email
for hyperlinks and rewrites them with special URLs. These new URLs allow
Proofpoint to check the original URL before actually sending the reader to that
web page. URLs found to be used for malicious purposes (phishing, malware
delivery, etc.) are blocked, while other URLs simply remain rewritten.

The rewritten links in HTML emails have the website's domain added in square
brackets after the link. In plaintext email the link will be significantly
changed with text "https://urldefense.proofpoint.com/v1/url?u=" prepended to
the beginning of the link, followed by a string of letters and numbers.

Following these links will take you to the original address, and will not alter
your browser's connection to that site unless Proofpoint has determined that
site serves malicious content.

This new defense against malicious links (which requires URLs to be rewritten)
provides ICANN with a much-needed extra layer of security. While many of us can
spot and avoid some phishing email scams by their subject lines, when we handle
large volumes of email within short periods of time, even the best of us will
make mistakes. These rewritten links will allow us to detect which malicious
links have been followed and respond as quickly and efficiently as possible.

Of Interest to Network/Email Admins:

ICANN has published records for both its Sender Policy Framework (SPF - see RFC
4408<https://www.ietf.org/rfc/rfc4408.txt>) and Domain-based Message
Authentication, Reporting, and Conformance (DMARC - see RFC
7489<https://tools.ietf.org/html/rfc7489>). These records help enable the
community to identify legitimate email coming from our domain. We encourage
all enterprises receiving mail from our domain to utilize these records and to
keep a look out for changes in our DMARC as we move to a stricter record.

For those organizations that use either S/MIME or PGP digital signatures, our
staff supports both, and we highly encourage the use of these tools as well.

We have also added DomainKeys Identified Mail (DKIM - see RFC
6376<https://tools.ietf.org/html/rfc6376>) to our security roadmap for the
coming year.

We are all dealing with an increasingly challenging cybersecurity environment.
Email-borne threats are prevalent and require greater and greater attention. We
ask for your patience with any inconvenience or disruptions that may occur with
our normal email messaging as we pursue a more secure approach for our
communications.

https://www.icann.org/news/blog/sharing-links-over-email-security-icann
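
Added example, not part of the forwarded message or of ICANN's or Proofpoint's own code: a small Python helper that recovers the original destination from the plaintext "urldefense.proofpoint.com/v1/url?u=" links the post describes, so a recipient or analyst can read where a rewritten link points. It assumes the v1 layout in which the percent-encoded original URL sits in u= and is followed by &k= and further parameters; the sample link and its parameter values are constructed.

```python
import re
from html import unescape
from urllib.parse import unquote, urlsplit

# Assumed v1 layout: ...?u=<percent-encoded original URL>&k=...&r=...&m=...&s=...
# The trailing parameters are the "string of letters and numbers" the post mentions.
V1_LINK = re.compile(
    r"https://urldefense\.proofpoint\.com/v1/url\?u=(?P<u>[^&\s]+)&(?:amp;)?k=[^\s>]*"
)

def decode_v1(link):
    """Return the original URL carried in one rewritten v1 link."""
    m = V1_LINK.search(link)
    if not m:
        raise ValueError("not a URL Defense v1 link")
    return unescape(unquote(m.group("u")))

def restore_links(body):
    """Swap every rewritten link in a plaintext body for its original URL.

    Returns (restored_body, [(original_url, hostname), ...]).
    """
    found = []

    def swap(m):
        original = unescape(unquote(m.group("u")))
        found.append((original, urlsplit(original).hostname))
        return original

    return V1_LINK.sub(swap, body), found

# Constructed sample: every value after u= is a placeholder, not a real token.
SAMPLE_LINK = (
    "https://urldefense.proofpoint.com/v1/url?"
    "u=https://www.example.org/news/blog%3Fid%3D7"
    "&k=AAAA%3D%3D%0A&r=BBBB&m=CCCC&s=0123abcd"
)
SAMPLE_BODY = "Please see <" + SAMPLE_LINK + "> for details."

if __name__ == "__main__":
    restored, links = restore_links(SAMPLE_BODY)
    print(restored)
    for url, host in links:
        print(host, url)
```

Decoding only reveals the destination for inspection; a link followed in its decoded form no longer passes through the click-time check the post describes.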
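
Added example, not part of the forwarded message: one way a receiving mail admin could watch for the move to a stricter DMARC record that the post announces, by parsing two DMARC TXT strings with the RFC 7489 defaults and reporting which tags tightened or loosened. Both records are constructed samples on example.org, not ICANN's published records, and the function names are hypothetical.

```python
POLICY_RANK = {"none": 0, "quarantine": 1, "reject": 2}
ALIGN_RANK = {"r": 0, "s": 1}  # relaxed < strict alignment

def parse_dmarc(txt):
    """Parse a DMARC TXT record into its policy tags, applying RFC 7489 defaults."""
    tags = {}
    for part in txt.split(";"):
        if "=" in part:
            name, value = part.split("=", 1)
            tags[name.strip().lower()] = value.strip()
    # v=DMARC1 must be the first tag; this also rejects SPF strings such as "v=spf1 ...".
    if not tags or next(iter(tags)) != "v" or tags["v"] != "DMARC1":
        raise ValueError("record must start with v=DMARC1")
    policy = tags.get("p", "").lower()
    subpolicy = tags.get("sp", policy).lower()  # sp defaults to p
    if policy not in POLICY_RANK or subpolicy not in POLICY_RANK:
        raise ValueError("missing or invalid p=/sp= tag")
    return {
        "p": policy,
        "sp": subpolicy,
        "pct": int(tags.get("pct", "100")),     # share of failing mail the policy applies to
        "adkim": tags.get("adkim", "r").lower(),
        "aspf": tags.get("aspf", "r").lower(),
    }

def strength(rec):
    """Map each tag to a number where a larger value means a stricter setting."""
    return {
        "p": POLICY_RANK[rec["p"]],
        "sp": POLICY_RANK[rec["sp"]],
        "pct": rec["pct"],
        "adkim": ALIGN_RANK[rec["adkim"]],
        "aspf": ALIGN_RANK[rec["aspf"]],
    }

def compare(old_txt, new_txt):
    """Return {tag: 'stricter' | 'looser'} for every tag whose strength changed."""
    old, new = strength(parse_dmarc(old_txt)), strength(parse_dmarc(new_txt))
    return {tag: ("stricter" if new[tag] > old[tag] else "looser")
            for tag in old if new[tag] != old[tag]}

# Constructed records: a monitoring-only policy, then a partial rollout of enforcement.
OLD = "v=DMARC1; p=none; rua=mailto:dmarc-reports@example.org"
NEW = "v=DMARC1; p=quarantine; sp=reject; pct=50; adkim=s; rua=mailto:dmarc-reports@example.org"

if __name__ == "__main__":
    print(compare(OLD, NEW))
```

The pct tag shows up as "looser" in the sample because the new record applies its policy to only half of failing mail, a common intermediate step before full enforcement.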

