Email | Cancel Print Preview Print | Feeds

MCBUL POLICY FOR E-MAIL USAGE ON THE MISSION-ORIENTED NIPRNET 

Date Signed: 8/6/2008 
MARADMIN  Number: 427/08 

R 051956Z AUG 08 ZYB
FM MOZART
BT
UNCLAS
MSGID/GENADMIN,USMTF,2007/MOZART//
SUBJ/MCBUL POLICY FOR E-MAIL USAGE ON THE  MISSION-ORIENTED NIPRNET//
REF/A/MSGID:MARADMIN 32505/HQMC C4/YMD:20050725//
REF/B/MSGID:MARADMIN 21004/HQMC C4 /YMD:20040519//
REF/C/MSGID:MARADMIN 13600/HQMC C4/YMD:20000315//
NARR/REF A OUTLINES THE SPAM E-MAIL FILTERING SOLUTIONS FOR THE
MARINE CORPS ENTERPRISE NETWORK (MCEN).  REF B ADRESSES NETWORK
EXPLOITATION ATTEMPTS VIA E-MAIL SPOOFING AND MALICIOUS
ATTACHEMENTS.  REF C PROVIDES POLICY PROHIBITING THE FORWARDING OF
CHAIN E-MAIL.//
GENTEXT/REMARKS/1. PURPOSE.  THE PURPOSE OF THIS MCBUL IS TO
ESTABLISH AND REINFORCE E-MAIL USAGE POLICY ON THE MISSION-ORIENTED
NIPRNET, AND TO REVIVE PREVIOUSLY PROMULGATED E-MAIL POLICIES.2. CANCELLATION.  THIS MCBUL SUPERCEDES AND CANCELS REFS A, B, & C.
THE APPLICABLE AND RELEVANT CONTENTS OF REFS A, B & C ARE
ENCAPSULATED HEREIN.  
3. ACTION.  THE FOLLOWING IS THE MANDATED STANDARD FOR E-MAIL USE ON
NIPRNET:
A. AUTO-FORWARDING OF E-MAIL.
(1)   AUTO-FORWARDING OF E-MAIL IS THE ACT OF AUTOMATIC REDELIVERY
OF ALL INCOMING E-MAIL MESSAGES FROM YOUR OFFICIAL NIPRNET E-MAIL
ACCOUNT TO ANOTHER E-MAIL ACCOUNT.  MARINE CORPS POLICY DOES NOT
PERMIT AUTO-FORWARDING OF E-MAIL FROM NIPRNET TO OTHER DOMAINS
(I.E., HOTMAIL, YAHOO, GMAIL, ETC.).  AUTO-FORWARDING AUTOMATICALLY
PLACES NIPRNET SERVERS ON LISTS THAT MARK MAIL ENDING IN (AT)
USMC.MIL AS JUNK MAIL.  AUTO-FORWARDING ALSO CAUSES THE NIPRNET
INTERNET PROTOCOL ADDRESSES TO BE BLOCKED, AND CAN LIMIT THE MARINE
CORPS; OPERATIONAL CAPABILITIY.  ADDITIONALLY, THERE ARE SECURITY
CONCERNS WITH AUTO-FORWARDING E-MAIL MESSAGES.  FORWARDED MAIL MAY
TRANSMIT USERNAMES AND PASSWORDS IN CLEAR, PLAIN TEXT OVER THE
INTERNET.  INFORMATION TECHNOLOGY SPECIALISTS CANNOT GUARANTEE OR
CONFIRM OFFICIAL NIPRNET E-MAIL WHEN AUTO-FORWARDED.
B.  SPAM E-MAIL FILTERING SOLUTION FOR THE MARINE CORPS ENTERPRISE
NETWORK (MCEN).
(1)  MCEN USERS CONTINUE TO BE SUBJECTED TO AN INCREASING AMOUNT OF
SPAM E-MAIL MESSAGES.  SPAM IS DEFINED AS UNSOLICITED COMMERCIAL
E-MAIL, SENT INDISCRIMINATELY TO MULTIPLE MAILING LISTS OR
INDIVIDUALS.  PRIMARY TYPES OF SPAM INCLUDE THOSE ADVERTISING
ILLEGAL PHARMACEUTICALS, FINANCING SCAMS, FRADULENT GET-RICH SCHEMES
AND PORNOGRAPHIC MATERIAL.  SPAM REDUCES PERSONNEL PRODUCTIVITY,
CONSUMES NETWORK RESOURCES AND CAN INTRODUCE WORMS, VIRUSES AND
OTHER FORMS OF MALICIOUS CODE THROUGHOUT THE NETWORK.
(2)  THE MCNOSC AND NMCI HAVE DEVELOPED AND IMPLEMENTED AN ANTI-SPAM
SOLUTION AND SUPPORTING PROCESSES FOR THE NMCI PORTION OF THE MCEN.
THE MCNOSC HAS ALSO DEVELOPED AND PROCURED AN ANTI-SPAM SOLUTION FOR
THE NON-NMCI PORTION OF THE MCEN.
(3)  CONCEPT OF SUPPORT
A.  INTENT.  THE INTENT OF THIS SOLUTION IS TO BLOCK THE RECEIPT OF
SPAM TO THE MAXIMUM EXTENT POSSIBLE, WHILE ALLOWING THE CONTINUED
FLOW OF OFFICIAL E-MAIL.
B.  LIMITATIONS.  ANTI-SPAM TECHNOLOGY IS NOT PERFECT IN ITS ABILITY
TO DISTINGUISH BETWEEN SPAM AND OFFICIAL E-MAIL.  THE ANTI-SPAM
FILTERS BEING IMPLEMENTED ON THE MCEN ARE PRECONFIGURED TO INDENTIFY
AND BLOCK MOST E-MAIL CONTAINING INAPPROPRIATE CONTENT OR
ORIGINATING FROM KNOWN SOURCES OF SPAM.  HOWEVER, IT IS POSSIBLE
THAT USERS MAY RECEIVE SOME SPAM E-MAIL THAT THE ANTI-SPAM FILTER
FAILS TO BLOCK (FALSE NEGATIVES).  IN RARE CASES, IT IS ALSO
POSSIBLE THAT THE ANTI-SPAM FILTER MAY ERRONEOUSLY IDENTIFY OFFICIAL
E-MAIL TRAFFIC AS SPAM AND BLOCK DEIVERY TO THE INTENDED RECIPIENT
(FALSE POSITIVES). 
C.  REQUESTING SPAM FILTER CONFIGURATION ADJUSTMENTS.  AS SITUATIONS
INVOLVING FALSE NNEGATIVES AND FALSE POSITIVES ARE IDENTIFIED, IT
MAY BE NECESSARY TO MODIFY THE CONFIGURATION OF THE ANTI-SPAMN
FILTER.  USERS WILL IDENTIFY INSTANCES OF MISSED OR FALSELY
IDENTIFIED SPAM TO THE LOCAL INFORMATION ASSURANCE MANAGER (IAM) OR
OTHER DESIGNATED G6 REPRESENTATIVE.  THE IAM/G6 WILL REVIEW USER
SPAM ISSUES AND LOCAL IMPACT AND DETERMINE WHETHER TO REQUEST
MODIFICATION OF THE MCEN ANTI-SPAM FILTER.  THE IAM/G6 WILL SUBMIT
ANTI-SPAM FILTER MODIFICATION REQUESTS TO THE MCNOSC THROUGHT THE
MCNOSC OPERATIONS CENTER.
D. APPROVAL AND IMPLMENTATION OF SPAM FILTER CONFIGURATION CHANGES.
THE MCNOSC WILL MAINTAIN OPERATIONAL CONTROL OVER THE ENTERPRISE
ANTI-SPAM SOLUTION AND HAS THE AUTHORITY AND RESPONSIBILITY TO
REVIEW AND APPROVE ALL CHANGES TO THE ANTI-SPAM FILTER CONFIGURATION
WITHIN BOTH THE NMCI AND NON-NMCI PORTIONS OF THE MCEN.  ALL
CONFIGURATION CHANGES WILL BE CAREFULLY CONSIDERED FOR THEIR
ENTERPRISE-WIDE APPLICABLITY AND POTENTIAL IMPACT ON THE MCEN.
APPROVED CHANGES TO THE ANTI-SPAM FILTER CONFIGURATION WILL BE
IMPLEMENTED ACROSS THE ENTIRE MCEN.  CHANGES WILL NOT BE MADE FOR
INDIVIDUAL USERS, COMMANDS, OR LOCATIONS.  IN THE EVENT THAT THE
SPAM BLOCKING CONFIGURATION RESULTS IN AN ADVERSE OPERATIONAL
IMPACT, THE MCNOSC, WILL WORK WITH THE AFFECTED COMMANDS TO RESOLVE
THE ISSUE.
C.  CHAIN E-MAIL AND VIRUS HOAXES.
(1)  CHAIN E-MAIL DISTRACTS RECIPIENTS FROM THEIR WORK, DEGRADES
NETOWRK PERFORMANCE AND IS A DENIAL OF SERVICE THREAT.  LIKEWISE,
RESPONDING TO CHAIN E-MAIL TO REPRIMAND THE SENDER, BY SELECTING
REPLY TO ALL, SERVES TO PROLIFERATE THE PROBLEM, CONTRIBUTING TO
ADDITIONAL POTENTIAL NETOWK SATURATION.  USERS OF THE MCEN ARE
ADVISED TO DELETE CHAIN E-MAIL UPON RECEIPT.  LOCAL NETWORK
OPERATIONS CENTERS MAY REQUEST NOTIFICATION WHEN CHAIN E-MAIL IS
RECEIVED.
(2) CHAIN E-MAIL OFTEN COMES IN THE FORM OF A PROMOTIONAL OR VIRUS
HOAX.  SIGNS OF A HOAX INCLUDE STATEMENTS SUCH AS: FOR EVERY PERSON
THAT YOU FORWARD THIS E-MAIL TO, YOU WILL RECEIVE, SEND THIS MESSAGE
TO EVERYONE YOU KNOW, THIS IS TRUE.  YOUR HARD DRIVE WILL BE EATEN.
THIS IS NO JOKE.  PLEASE IGNORE ANY E-MAIL MESSAGES REGARDING THESE
SUPPOSED PROMOTIONS OR VIRUSES AND DO NOT FORWARD THEM.  IN THE
EVENT YOU ARE NOT SURE WHETHER A MESSAGE REGARDING A VIRUS IS A HOAX
OR ACTUALLY TRUE, PLEASE CONTACT YOUR LOCAL NETWORK OPERATIONS
CENTER OR THE MCNOSC WATCH OFFICER.
D.  E-MAIL SPOOFING AND MALICIOUS ATTACHMENTS.
(1)  THOUSANDS OF ATTACKS AGAINST MARINE CORPS COMPUTER SYSTEMS
OCCUR ON A DAILY BASIS.  THE VAST MAJORITY OF THESE ATTACKS ARE
UNSUCCESSFUL DUE TO LAYERS OF NETWORK DEFENSE THAT HAVE BEEN
IMPLEMENTED THROUGHT THE CORPS.  ONE OF THE MOST IMPORTANT ELEMENTS
OF THIS LAYERED DEFENSE IS THE KNOWLEDGE AND DILLIGENCE OF MARINE
CORPS COMPUTER USERS.  AWARENESS OF POTENTIAL ATTACKS, AND
APPROPRIATE REPONSES WHEN AN ATTACK DOES OCCUR, PROVIDES THE LAST
LINE OF DEFENSE AGAINST OUR VERY DETERMINED ADVERSARIES.  EVERY
MARINE, CIVILIAN MARINE AND SUPPORT CONTRACTOR, USING MARINE CORPS
COMPUTERS PLAY A CRITICAL ROLE IN PROTECTING OUR NETWORKS AND THE
INFORMATION THEY CONTAIN.
(2)  RECENT ATTACKS AGAINST MARINE CORPS NETWORKS HAVE ATTTEMPTED TO
TAKE ADVANTAGE OF USER TRUST IN E-MAIL RECEIVED ON A DAILY BASIS.
ATTEMPTS TO COMPROMISE MARINE CORPS COMPUTER SYSTEMS USING E-MAIL
ATTACHMENTS APPEAR IN THE E-MAIL INBOX AND MAY APPEAR TO COME FROM
ANOTHER MARINE OR ANOTHER KNOWN AND TRUSTED SOURCE.  THE TEXT OF THE
E-MAIL IS USUALLY AN ENTICEMENT TO OPEN AN ATTACHED FILE OR CLICK ON
A WEB SITE LINK CONTAINED IN THE MAIL MESSAGE.  MOST TIMES, NETWORK
DEFENSES HAVE BEEN EFFECTIVE AND THE ATTACMENT HAS BEEN STRIPPED
FROM THE E-MAIL AND REPLACED WITH A MESSAGE INDICATING THIS ACTION
WAS TAKEN.  HOWEVER, AUTOMATED DEFENSES WILL NEVER BE 100 PERCENT
EFFECTIVE.  IN THE SAME MANNER THAT THE CONTROLLED FIIRES OF EVERY
INDIVIDUAL MARINE ARE CRITICAL WHEN THE ENEMY IS IN THE WIRE,
APPROPRIATE ACTIONS BY MARINES CAN DIRECTLY DEFEAT AN ATTACKERS
EFFORT TO ACCESS OR DIRUPT MARINE CORPS NETWORKS.
(3)  THE FOLLOWING LIST OF ACTIONS IS PROVIDED TO GUIDE THE USE OF
MARINE CORPS E-MAIL SERVICES.  ADHERENCE TO THESE BASIC PRINCIPLES
WILL SIGNIFICANTLY ENHANCE THE MARINE CORPS; COLLECTIVE DEFENSIVE
POSTURE.
A.  REMAIN AWARE THAT ATTACKERS WILL ATTEMPT TO USE TRUST TO GAIN
ACCESS TO OR TO DISRUPT MARINE CORPS NETWORKS.
B.  REMAIN AWARE THAT AN ATTACKER CAN SEND A WELL CRAFTED E-MAIL
MESSAGE THAT APPEARS TO COME FROM SOMEONE OR SOME ACTIVITY OR KNOWN
AND TRUSTED ORGANIZATION.
C.  REMAIN AWARE THAT AN ATTACKER CAN SEND AN E-MAIL THAT APPEARS TO
BE OFFICIAL CORRESPONDENCE, INCLUDING RELEVANT AND ACCURATE TEXT,
LOGOS AND PICTURES FOUND IN OTHER OFFICIAL DOCUMENTS.
D.  BE SUSPICIOUS OF ANY E-MAIL RECEIVED THAT CONTAINS ATTACHED
FILES THAT WERE NOT EXPECTED OR COORDINATED WITH THE APPARENT SENDER.
E.  BE SUSPICIOUS OF AN E-MAIL THAT STRONGLY ENTICES YOU TO OPEN AN
ATTACHMENT OR CLICK ON A WEB LINK.  FOR EXAMPLE, YOU HAVE GOT TO
CHECK THIS OUT! OR IS THIS YOUR CREDIT CARD NUMBER?  OR EVEN
SOMETHING AS PERSONAL AS SGT JONES, HERE IS THE INFORMATION YOU
REQUESTED.  SEE PARAGRAPH 3.D. ABOVE.
F.  DO NOT OPEN E-MAIL ATTACHMENTS THAT APPEAR SUSPICIOUS UNTIL
THEIR AUTHENCITIY HAS BEEN CONFIRMED.
G.  WHEN A MESSAGE IS OPENED, AN E-MAIL RETURN-ADDRESS THAT IS
DIFFERENT FROM THE APPARENT SENDER OF THE E-MAIL MESSAGE IS CAUSE
FOR SERIOUS CONCERN.  ATTACKERS WILL FREQUENTLY REDIRECT REPLIES TO
SUCH E-MAIL AWAY FROM THE APPARENT SENDER.  THIS IS DONE IN ORDER TO
PREVENT DISCOVERY OF THE ATTACK THROUGH COMMUNICATIONS BETWEEN THE
RECIPIENT AND THE APPARENT SENDER.  THE RETURN ADDRESS CAN BE FOUND
BY SELECTING OPTIONS FROM THE VIEW DROPDOWN MENU WITHIN MS OUTLOOK.
THE RETURN ADDRESS SHOWS UP AS THE RETURN-PATH WITHIN THE INTERNET
HEADER DISPLAYED AT THE BOTTOM OF THE OPTIONS WINDOW.
H.  IF YOU RECIVE A SUSPICIOUS E-MAIL MESSAGE, DO NOT OPEN ATTACHED
FILES OR CLICK ON WEB LINKS THAT THE MESSAGE MAY CONTAIN.  CONTACT
THE LOCAL INFORMATION SYSTEM COORDINATOR (ISC), INFORMATION
ASSURANCE MANAGER (IAM), OR G-6 REPRESENTATIVE AT THE EARLIEST
OPPORTUNITY.  DO NOT DELETE THE MESSAGE, AS IT MAY BE USEFUL FOR
INVESTIGATION PURPOSES.
I.  COMMANDERS ARE REMINDED TO ENSURE AND ENFORCE THE MANDATORY
INFORMATION ASSURANCE AWARENESS TRAINING REQURED FOR ALL USERS OF
DOD IT RESOURCES.
(4)  OUR ADVERSARIES ARE DETERMINED AND SKILLED, AND WILL USE ALMOST
ANY MEANS TO ACHIEVE THEIR GOALS, WE COLLECTIVELY, MUST REMAIN ALERT
TO EVENTS THAT MIGHT INDICATE AN ATTACK IS BEING PLANNED OR IS
ACTUALLY UNDERWAY.  OUR NETWORKS PLAY A CRITICAL ROLE IN SUPPORTING
OUR DAILY MISSIONS AND PROVIDE A DIRECT SUPPORT FUNCTION TO OUR
MARINES FORWARD DEPLOYED.  YOUR PERSONAL VIGILANCE CAN MEAN THE
DIFFERENCE BETWEEN SUCCESS AND FAILURE IN MARINE CORPS EFFORTS TO
DEFEND THIS CRITICAL RESOURCE.
4.  CANCELLATION CONTINGENCY.  THIS BULLETIN, UNLESS SUPERCEDED, IS
CANCELLED 1 AUGUST 2009.
5.  RELEASE AUTHORIZED BY BGEN G.J. ALLEN, DIRECTOR, COMMAND,
CONTROL, COMMUNICATIONS, AND COMPUTERS/CHIEF INFORMATION OFFICER OF
THE MARINE CORPS.///

Official U.S. Marine Corps Web Site

RSS Feeds

Privacy Policy

External Links

Sitemap

FAQs

FOIA