SPF Configurations

Tony Finch dot at dotat.at
Tue Dec 8 16:39:07 UTC 2009


On Tue, 8 Dec 2009, Suresh Ramasubramanian wrote:
>
> As for a university smarthost getting blocked you'd probably need to
> look at one of two things -

Three :-)

> 1. Forwarding users on your campus - with mailboxes that accept a lot
> of spam and then forward it over to student / alumni AOL, Comcast,
> Yahoo etc accounts
> 2. Spam generated by infected PCs / laptops, hacked machines etc on
> your campus LAN

3. Spammers abusing your webmail and/or remote message submission service
using phished credentials.

If your incoming spam blocks are effective then forwarding shouldn't be
too much of a problem.

For on-campus bots, block port 25 and ensure your MX servers can't be used
as outgoing relays (i.e. put your outgoing relay service on a separate
address). If you are lucky your colleagues chose a really obscure name
(not mail.* or smtp.* etc.) for your outgoing relay service 20 years ago
so spammers are less likely to guess it :-)

To protect against phished accounts, apply rate-limits to outgoing email.
If you have good on-campus security hygeine then you can be much less
strict about the limits for on-campus connections.

Tony.
-- 
f.anthony.n.finch  <dot at dotat.at>  http://dotat.at/
GERMAN BIGHT HUMBER: SOUTHWEST 5 TO 7. MODERATE OR ROUGH. SQUALLY SHOWERS.
MODERATE OR GOOD.




More information about the NANOG mailing list