Educause Security Discussion mailing list archives

Re: Question about SPF email filtering


From: John Ladwig <John.Ladwig () SO MNSCU EDU>
Date: Thu, 9 Feb 2012 19:04:11 +0000

SPF and DKIM seem to be getting a refresh/update under dmarc.org, complete with new Internet-draft:

  http://www.dmarc.org/draft-dmarc-base-00-01.html

There's been a bunch of press releases in the last couple of weeks from the DMARC organization.

   -jml


-----Original Message-----
From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Derek Diget
Sent: Thursday, February 09, 2012 12:38 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] Question about SPF email filtering

On Feb 9, 2012 at 17:16 -0000, Dye, Jan wrote:
=>I'm just curious to see how many of you have enabled SPF filtering on
=>your email systems?

We quarantine on SPF "fail".  (There are plans to SMTP reject.)


=>We recently enabled this, and the result is that we have many support
=>tickets from users who no longer receive mail from rejected senders.
=>These senders are legitimate, however, they have "bad" SPF records.

We did this a couple of years ago.  There have been a few issues.
Mostly with students/faculty forwarding from their previous .edu.  (We tell
them to go fix the address they have in Facebook, banks, etc. to be their
@wmich.edu address.)  Another top issue would be users wanting to use one
address (like previous broadband provider) with their new broadband
provider's MSA.  Once they get the "profile" set up in their MUA to use
MSA-X for X address and MSA-Y for Y address, they are all set.


=>We're wondering how other institutions are handling this, and if SPF
=>checking is really worth it.

It is just one more tool to use.  For us, where we seem to see it help is for the first messages in phishing runs for 
NACHA.org, FDIC, IRS and other money phishing.  Within a few minutes our anti-spam starts blocking them, but the SPF 
check catches the ones that get through it.


=>If I've posted this on the wrong list, please let me know.

Probably would also want to post to the Higher Education Email Administration list hosted at Notre Dame.



Note that SPF is currently being updated from Experimental to a
Standards Track protocol by the SPFbis IETF working group.  (It was just
chartered last week.)


-- 
***********************************************************************
Derek Diget                            Office of Information Technology
Western Michigan University - Kalamazoo  Michigan  USA - www.wmich.edu/
***********************************************************************
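
Added example (not part of the original messages): a minimal SPF evaluation sketch showing why the forwarded mail described above ends up quarantined under a quarantine-on-"fail" policy. It handles only the ip4, ip6 and all mechanisms; the domains, addresses, records and function names are constructed for illustration.

```python
import ipaddress

# Constructed SPF records (documentation domains and address ranges only).
SPF_RECORDS = {
    "bank.example": "v=spf1 ip4:192.0.2.0/24 -all",
    "news.example": "v=spf1 ip4:198.51.100.17 ~all",
}
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def check_spf(client_ip, mail_from_domain, records=SPF_RECORDS):
    """Return the SPF result for the connecting IP and envelope-sender domain."""
    terms = records.get(mail_from_domain, "").split()
    if not terms or terms[0].lower() != "v=spf1":
        return "none"
    ip = ipaddress.ip_address(client_ip)
    for term in terms[1:]:
        qualifier = "+"  # default qualifier when none is written
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        name, _, arg = term.partition(":")
        if name.lower() == "all":
            return QUALIFIERS[qualifier]
        if name.lower() not in ("ip4", "ip6"):
            return "permerror"  # a, mx, include, ... are outside this sketch
        try:
            net = ipaddress.ip_network(arg, strict=False)
        except ValueError:
            return "permerror"
        if ip.version == net.version and ip in net:
            return QUALIFIERS[qualifier]
    return "neutral"  # nothing matched and the record has no "all"


def disposition(spf_result):
    """Quarantine on "fail" as in the thread; delivering the rest is an assumption."""
    return "quarantine" if spf_result == "fail" else "deliver"


if __name__ == "__main__":
    # (connecting IP, envelope-sender domain, scenario), all constructed
    for ip, domain, label in [
        ("192.0.2.25", "bank.example", "sent directly by the bank"),
        ("203.0.113.8", "bank.example", "relayed by the user's previous .edu"),
        ("203.0.113.8", "news.example", "same relay, sender publishes ~all"),
    ]:
        result = check_spf(ip, domain)
        print(f"{label}: spf={result} -> {disposition(result)}")
```

The relay keeps the original envelope sender, so the receiving server checks the forwarder's IP against the sender's record and sees the same "fail" it would see from a spoofing host.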

