Letter to the Editor: Falsified Emails
April 17, 2014
In response to Gillian Feehan’s April 11 article, “Email hoax spurs security concerns,” please know that the University takes the security of our network and systems very seriously. Within hours of the campus community receiving the first spoofed message, Bucknell’s system administrators had put into place additional security measures to try to prevent other spoofed messages from getting through. Those actions were initially successful; over the next few days numerous additional attempts to send spoofed messages were stopped.
However, as the second spoofing incident this week demonstrates, it is difficult to foil every spoofing attack. In fact, it is well understood that the current state of the Internet’s email technology makes it impossible to categorically identify every message as either legitimate or not in all cases.
In her article, Ms. Feehan also states that the University has “yet to comment on the issue to the student body.” Just over 30 minutes after the first spoofed email was sent, President Bravman sent a note to the entire campus, promising quick and effective action to prevent future spoofed emails, a promise on which the University has, as we now know despite best efforts, only partially delivered. In addition, President Bravman’s follow-up message regarding the April 15 incident made it quite clear that any student found to have participated in a spoofing activity will be subject to suspension or expulsion from the University.
Should Ms. Feehan or any other member of the campus community have questions about online security or our continued efforts to maintain the integrity of our infrastructure, they are encouraged to contact me directly at [email protected]. Thank you.
Eric Smith, Chief Information Security Officer, Bucknell University