Educause Security Discussion mailing list archives
Re: SPAM filtering
From: "Bandy, John" <jbandy () SAMFORD EDU>
Date: Wed, 2 Oct 2019 16:33:35 +0000
We attempted this a few years ago and found a similar situation with small churches that we receive email from. We have turned the SPF checking off and have not plane to re-implement any time soon. John Bandy Chief Information Security Officer Technology Services 205-726-2692<tel:+1205-726-2692> | office 205-726-2692 | fax JBandy () Samford Edu<mailto:JBandy () Samford Edu> Twitter<http://twitter.com/SamfordInfoSec> 800 Lakeshore Drive Birmingham, AL 35229<https://maps.google.com/maps?q=800+Lakeshore+Drive,+Birmingham,+AL+35229,+US> [mford Samford University Logo] From: The EDUCAUSE Security Community Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU> On Behalf Of Thomas Carter Sent: Wednesday, October 2, 2019 11:30 AM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: [EXTERNAL] [SECURITY] SPAM filtering I wasn't sure which listserv to post this on, so I thought I'd give this one a shot. We recently switched to Barracuda for our spam filtering solution. We started with the default settings, but have seen a large number of valid messages getting flagged due to incorrect DKIM and/or SPF settings, including other .edu domains. I've been trying to notify the ones we find, but I wildly underestimated the number of domains with incorrect SPF records; they have records, they just aren't correct (e.g. they use Office 365 for email, but don't have Microsoft's SPF info in their record). I think we're going to have to back off on filtering based on them. Do you flag emails based on SPF FAIL/soft FAIL or incorrect DKIM? Do you make sure it's correct at your institution? Thomas Carter Network & Operations Manager / IT Austin College 900 North Grand Avenue Sherman, TX 75090 Phone: 903-813-2564 www.austincollege.edu<https://urldefense.proofpoint.com/v2/url?u=http-3A__www.austincollege.edu_&d=DwMFAg&c=GTxgfYI6i4KYikqC6GK_Jzn2mYGEh-v4HEPYCyQcJzU&r=rEBQriUB7kU_t6oAksu5pMPHrCub_HcRbmBX-fT96-E&m=L9fP8jDpnKvu0g50RxfEXym0kW_r1tyvqjeU9nikWLE&s=8NgeQ6yzIEtrl1SqSLkAuaezbSc1ePJRdaF4dwZp9ko&e=> ********** Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the person who sent the message, copy and paste their email address and forward the email reply. Additional participation and subscription information can be found at https://www.educause.edu/community<https://urldefense.proofpoint.com/v2/url?u=https-3A__www.educause.edu_community&d=DwMFAg&c=GTxgfYI6i4KYikqC6GK_Jzn2mYGEh-v4HEPYCyQcJzU&r=rEBQriUB7kU_t6oAksu5pMPHrCub_HcRbmBX-fT96-E&m=L9fP8jDpnKvu0g50RxfEXym0kW_r1tyvqjeU9nikWLE&s=RUzh6pHpPAw2jFB-Igpl0sDl4Z8HE88VcOIs65UZE0Y&e=> ********** Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the person who sent the message, copy and paste their email address and forward the email reply. Additional participation and subscription information can be found at https://www.educause.edu/community
Current thread:
- SPAM filtering Thomas Carter (Oct 02)
- Re: SPAM filtering Bandy, John (Oct 02)
- Re: SPAM filtering John McCabe (Oct 02)
- Re: SPAM filtering Frahm, Eric J Jr. (Oct 02)
- Re: SPAM filtering Dan Oachs (Oct 02)