
Email sanitizing - requesting advice



We've had an email filter running for 10 days on all @cleannorth.org
addresses which catches such evils as email worms, trojans, and web bugs and
disables them.  It also forces our virus scanner to run over all executable
attachments before it lets you run them.  All in all, a good tool to have
when you have a bunch of Windows machines that want to read email.

It also lets me know whenever someone sends something that is an obvious
attack (but it doesn't send me the content of the message, just in case it
wasn't -- I don't want to know if your aunt loves you, but I _do_ want to
know if she's sending you the ILOVEYOU worm).

In the past 10 days, we've received (and neutralized) the Hybris worm twice.
This thing is quite insidious.  An excellent technical description is here:
http://www.f-secure.com/v-descs/hybris.shtml

This could be spread by web mail too.  And that's where my question
comes in:

We only have four active users of the @cleannorth.org mail (even though
everyone with a network account has an @cleannorth.org address).  Everyone
else uses web mail, and...

I can't sanitize web mail, but I'm unwilling to just block webmail sites
(Actually, I'm pretty much unwilling to block _any_ sites), so I'm wondering
what we should do?

If I remove active content through a proxy filter, a lot of stupid, but
useful, sites will be unusable (whether they were usable before or not is
left to your own opinion).

The spread of Melissa showed quite conclusively that user education is all
but useless, and the spread of the Anna Kournikova worm demonstrated that
getting burned by Melissa didn't stop and make very many people think before
being part of the next big email disaster.

So what's left?

And if we do settle on user education being the best we can do, how do we go
about it?  I'm no educator.  The best I could probably do is beat the users
with a stick until they promise not to open email attachments or use the two
most easily exploited email systems (Hotmail and Yahoo) where no matter how
hard you try, unless you go and manually inspect the code of each and every
web page, you _can't_ use them securely.  (mail.com recently fixed this bug,
that's why they're not on the list).

Anyone with education experience care to help out?

Any technical suggestions?

Any comments about how possible technical measures might impact usability?

Right now, I'm leaning to a _little_ of each.  I'll try to find a way to
remove the <LAYER> tag (which only Netscape supports) by proxy filtering.
That won't get rid of malicious javascript, but I think there's little we
can do there.  On top of that, we need a bit of user education about running
untrusted attachments.

The former I can do, but is there anyone willing to do user education?

And, someone, please come up with something better than this!

Don, Dee, Kathie, Dave, Jim, I'd appreciate your input especially.

Thanks
-Dan

-- 
"There are two limits that this standard places on the number of
characters in a line. Each line of characters MUST be no more than
998 characters, and SHOULD be no more than 78 characters, excluding
the CRLF."       -- rfc2822 - Internet Message Format
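The proxy-side filtering Dan describes, stripping the Netscape-only `<LAYER>` tag from web pages before they reach the browser, can be sketched as a small HTML rewriter. The code below is an added example written for this archive page; it is not Dan's filter and not any product named in the thread. It assumes the proxy hands the filter the HTML body as a string, and it drops `<layer>` and `<ilayer>` elements together with everything nested inside them (the assumption being that a layer's only job in a hostile web-mail message is to pull in remote content, so nothing inside it is worth keeping). It makes no attempt to remove JavaScript, which the post itself says a tag filter cannot address.

```python
from html.parser import HTMLParser

# Element names the filter removes, lower-cased because HTMLParser
# normalises tag names.  Constructed list: the post names only <LAYER>;
# <ILAYER> is its inline sibling and is handled the same way.
BLOCKED = {"layer", "ilayer"}


class LayerStripper(HTMLParser):
    """Re-emit an HTML document verbatim except for blocked elements."""

    def __init__(self):
        # convert_charrefs=False so entities are passed through untouched
        # instead of being decoded and re-encoded by us.
        super().__init__(convert_charrefs=False)
        self.out = []       # output fragments
        self.depth = 0      # nesting depth inside a blocked element
        self.removed = 0    # number of blocked elements dropped

    def _emit(self, text):
        # Anything encountered while inside a blocked element is discarded.
        if self.depth == 0:
            self.out.append(text)

    def handle_starttag(self, tag, attrs):
        if tag in BLOCKED:
            self.depth += 1
            self.removed += 1
            return
        # get_starttag_text() returns the original tag text, attributes and all.
        self._emit(self.get_starttag_text())

    def handle_startendtag(self, tag, attrs):
        if tag in BLOCKED:          # self-closing <layer/> has no content to skip
            self.removed += 1
            return
        self._emit(self.get_starttag_text())

    def handle_endtag(self, tag):
        if tag in BLOCKED:
            if self.depth:
                self.depth -= 1
            return
        self._emit(f"</{tag}>")

    def handle_data(self, data):
        self._emit(data)

    def handle_entityref(self, name):
        self._emit(f"&{name};")

    def handle_charref(self, name):
        self._emit(f"&#{name};")

    def handle_comment(self, data):
        self._emit(f"<!--{data}-->")

    def handle_decl(self, decl):
        self._emit(f"<!{decl}>")

    def handle_pi(self, data):
        self._emit(f"<?{data}>")


def strip_layers(html: str):
    """Return (filtered_html, number_of_blocked_elements_removed)."""
    parser = LayerStripper()
    parser.feed(html)
    parser.close()
    return "".join(parser.out), parser.removed


# Constructed sample page: the remote URL is a placeholder, not a real host.
SAMPLE = (
    '<html><body><p>Hi &amp; welcome</p>'
    '<LAYER SRC="http://remote.example/x.html"><b>hidden</b></LAYER>'
    '<ilayer/><p>bye</p></body></html>'
)

if __name__ == "__main__":
    cleaned, count = strip_layers(SAMPLE)
    print(f"removed {count} layer element(s)")
    print(cleaned)
```

In a real proxy the filter would run only on responses whose Content-Type is `text/html`, and the `removed` counter is the value worth logging, since a non-zero count on a web-mail page is exactly the kind of alert Dan says he already gets from the SMTP-side sanitizer.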

