Educause Security Discussion mailing list archives

Re: SPAM filtering

From: "Bandy, John" <jbandy () SAMFORD EDU>
Date: Wed, 2 Oct 2019 16:33:35 +0000

We attempted this a few years ago and found a similar situation with small churches that we receive email from.

We have turned the SPF checking off and have not plane to re-implement any time soon.


John Bandy
Chief Information Security Officer
Technology Services

205-726-2692<tel:+1205-726-2692> | office
205-726-2692 | fax
JBandy () Samford Edu<mailto:JBandy () Samford Edu>
Twitter<http://twitter.com/SamfordInfoSec>
800 Lakeshore Drive
Birmingham, AL 35229<https://maps.google.com/maps?q=800+Lakeshore+Drive,+Birmingham,+AL+35229,+US>

[mford Samford University Logo]



From: The EDUCAUSE Security Community Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU> On Behalf Of Thomas Carter
Sent: Wednesday, October 2, 2019 11:30 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [EXTERNAL] [SECURITY] SPAM filtering

I wasn't sure which listserv to post this on, so I thought I'd give this one a shot.

We recently switched to Barracuda for our spam filtering solution. We started with the default settings, but have seen 
a large number of valid messages getting flagged due to incorrect DKIM and/or SPF settings, including other .edu 
domains. I've been trying to notify the ones we find, but I wildly underestimated the number of domains with incorrect 
SPF records; they have records, they just aren't correct (e.g. they use Office 365 for email, but don't have 
Microsoft's SPF info in their record). I think we're going to have to back off on filtering based on them. Do you flag 
emails based on SPF FAIL/soft FAIL or incorrect DKIM? Do you make sure it's correct at your institution?

Thomas Carter
Network & Operations Manager / IT
Austin College
900 North Grand Avenue
Sherman, TX 75090
Phone: 903-813-2564
www.austincollege.edu<https://urldefense.proofpoint.com/v2/url?u=http-3A__www.austincollege.edu_&d=DwMFAg&c=GTxgfYI6i4KYikqC6GK_Jzn2mYGEh-v4HEPYCyQcJzU&r=rEBQriUB7kU_t6oAksu5pMPHrCub_HcRbmBX-fT96-E&m=L9fP8jDpnKvu0g50RxfEXym0kW_r1tyvqjeU9nikWLE&s=8NgeQ6yzIEtrl1SqSLkAuaezbSc1ePJRdaF4dwZp9ko&e=>


**********
Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the 
person who sent the message, copy and paste their email address and forward the email reply. Additional participation 
and subscription information can be found at 
https://www.educause.edu/community<https://urldefense.proofpoint.com/v2/url?u=https-3A__www.educause.edu_community&d=DwMFAg&c=GTxgfYI6i4KYikqC6GK_Jzn2mYGEh-v4HEPYCyQcJzU&r=rEBQriUB7kU_t6oAksu5pMPHrCub_HcRbmBX-fT96-E&m=L9fP8jDpnKvu0g50RxfEXym0kW_r1tyvqjeU9nikWLE&s=RUzh6pHpPAw2jFB-Igpl0sDl4Z8HE88VcOIs65UZE0Y&e=>

**********
Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the 
person who sent the message, copy and paste their email address and forward the email reply. Additional participation 
and subscription information can be found at https://www.educause.edu/community

Current thread:

SPAM filtering Thomas Carter (Oct 02)
- Re: SPAM filtering Bandy, John (Oct 02)
- Re: SPAM filtering John McCabe (Oct 02)
- Re: SPAM filtering Frahm, Eric J Jr. (Oct 02)
- Re: SPAM filtering Dan Oachs (Oct 02)