Why are some emails being blocked by the State?

Posted by BSD IT Department on 8/1/2016

A Guest Post by BSD's IT Department


The Brandywine School District, to save money and support hours, relies on Delaware’s Department of Technology and Information (DTI) to handle both our CIPA-compliant firewall needs and our email filtering. This allows BSD's IT staff to concentrate on more important matters, such as keeping on-site IT infrastructure operational and putting devices in the hands of teachers and students for educational purposes.

Unfortunately, this means we are also beholden to DTI’s policies and decisions on matters relating to these two services they provide, which sometimes generates problems such as the current blocking of some emails to the State. Ultimately, DTI is also responsible for safeguarding the networks of the Division of Revenue (Taxes), the Department of Transportation, and the Department of Justice in addition to ours. Since email is a common attack vector, they must act in a manner that safeguards our most sensitive information, given that a majority of the email they handle goes to State agencies that are not the Brandywine School District. They have to remember that if the Division of Revenue or the Department of Transportation is hacked, the State would be on the hook for millions of dollars of identity theft. Many hackers are associated with harder criminals as well, supporting them in their activities, so the Department of Justice is equally at risk. A hack of those systems could result in wrongful convictions from tampered digital evidence, or criminals going free because the only digital evidence of the crime was lost – not to imply that it would be easy to do so, but getting malware onto that network would be the first step.

The reason some emails are getting dropped by the State email firewall is that two of Gmail’s servers sent so many spam, phishing, and malware emails that they were flagged by several email server trust lists as “do not receive from.” The scoring used by our State’s email firewall rule goes from -10 to +10, with -10 being the worst possible score. Normally, Gmail is in the positives, but right now these two specific servers are sitting at -10. At -10, the email gets dropped instead of filtered.

Ultimately, there is no silver-bullet solution here. DTI has two bad choices: 1) they weaken their network protection by letting two email servers that are KNOWN to be spreading malware send messages to State recipients, increasing the potential for a virus outbreak on the network and decreasing the security around systems that contain sensitive personal data, or 2) they leave it as-is and allow the mail servers’ owner time to clean up the reputation of those servers and add additional protections onto those systems so that they don’t send these kinds of emails in the future. Even though the flagged servers are from Google, DTI must respond appropriately and thoroughly to protect the integrity of the State's email system.

Delaware has opted to be cautious since we know the cost if something bad gets on our network. DTI is still working to resolve this, both by contacting Google directly to let them know what is up and by leveraging the various groups who use Google as their organization’s email service to contact Google and apply additional pressure for a speedy resolution. Unfortunately, there is no way for us in BSD to know the timeline for when Google will fix their community trust issue.

It is important to note that this is not the first time this has happened with a major email distributor. Comcast, for a while, enjoyed similar infamy in the email community. They eventually fixed the issue, restored the online trust, and were allowed yet again to send to mail servers running on Delaware’s network.

We appreciate your continued patience as the State and Google work to resolve this issue, and we will be sure to post updates as they are available.