Educause Security Discussion mailing list archives

Re: Blacklisting and Tar-pitting


From: Jesse Thompson <jesse.thompson () DOIT WISC EDU>
Date: Fri, 8 Aug 2008 15:54:41 -0500

We do 2 things:

1) We separate the flow of our mail so that forwarded email comes from
different IP addresses than our authenticated submissions.  This way, an
external site could only rate limit our forwarded mail, not our
"important" outbound traffic.  We encourage our users to stop forwarding
if they complain about their forwarded mail not being delivered in a
timely fashion.

2) If a domain starts rate limiting our forwarded mail, then we will
discard messages destined for those domains that we have rated as spam.
There is a risk of losing some legitimate messages, but we let the
users know this when they set up the forward.  We only do this for
around 10 domains (yahoo, gmail, etc) so far.

Another couple of points:
- only around 10% of our users choose to forward off campus
- we don't relay mail for unauthenticated campus hosts

Jesse
UW-Madison

Jay Graham wrote:
Folks,

Here at the University of Pittsburgh, we allow our users to forward
their official University email address <username () pitt edu> either on
campus to a departmental e-mail server or off campus to another provider.

We have been dealing with the external providers Blacklisting us for
some time, but recently it seems to have become chronic and we are
Blacklisted now more than we are not Blacklisted. We put measures in
place for SPAM filtering and have really cracked down on security so
that compromised workstations are not spewing spam.

I know there are several things we can do about this. Some are radical
like not allowing forwarding of email off campus and others are less
radical like trying to white list us with the major providers or
implement domain keys or SPF.

I am wondering what other Universities that allow forwarding are doing
to combat the blacklisting problem. Is this something obvious we are
missing or is this a real problem that everyone is facing?

Jay Graham
University of Pittsburgh
jwg () pitt edu
================

--
  Jesse Thompson
  Email/IM: jesse.thompson () doit wisc edu

Attachment: smime.p7s
Description: S/MIME Cryptographic Signature
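
The two measures in the message above, sketched as a per-recipient routing decision. This is an added example, not part of the original post and not UW-Madison's configuration. The pool names, the domain list, and the `Rcpt`, `in_listed_domain` and `route` names are assumptions, and recipients are taken to be off-campus destinations only.

```python
from typing import NamedTuple, Optional

FORWARD_POOL = "forward-pool"        # assumed name: source IPs used only for forwarded mail
SUBMISSION_POOL = "submission-pool"  # assumed name: source IPs for authenticated submissions
# Constructed list: the post says "around 10 domains" and names only yahoo and gmail.
RATE_LIMITING = frozenset({"yahoo.com", "gmail.com"})


class Rcpt(NamedTuple):
    address: str
    via_forward: bool  # True when the address came from a user's forward setting


def in_listed_domain(address: str, listed=RATE_LIMITING) -> bool:
    """Match the recipient domain or a subdomain of it, never a bare suffix."""
    domain = address.rsplit("@", 1)[-1].lower().rstrip(".")
    return any(domain == d or domain.endswith("." + d) for d in listed)


def route(authenticated: bool, rated_spam: bool, rcpts) -> dict:
    """Return {address: (action, pool)}, decided separately for each recipient."""
    plan: dict[str, tuple[str, Optional[str]]] = {}
    for r in rcpts:
        if r.via_forward:
            # Forwarded mail never shares source IPs with submissions, so a
            # remote rate limit can only slow the forward pool.
            if rated_spam and in_listed_domain(r.address):
                plan[r.address] = ("discard", None)
            else:
                plan[r.address] = ("deliver", FORWARD_POOL)
        elif authenticated:
            plan[r.address] = ("deliver", SUBMISSION_POOL)
        else:
            # No relaying for unauthenticated campus hosts.
            plan[r.address] = ("reject", None)
    return plan


if __name__ == "__main__":
    # Constructed sample: one spam-rated inbound message with two forward targets.
    sample = [Rcpt("user@gmail.com", True), Rcpt("user@example.org", True)]
    for addr, decision in route(False, True, sample).items():
        print(addr, decision)
```

Deciding per recipient matters because a single spam-rated message can fan out to forwards at both listed and unlisted domains, and only the copies bound for listed domains are dropped.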

