SPF Configurations

Suresh Ramasubramanian ops.lists at gmail.com
Mon Dec 7 13:55:01 CST 2009


On Mon, Dec 7, 2009 at 11:21 PM, Michael Holstein
<michael.holstein at csuohio.edu> wrote:
>
> Personally, I think SPF is a major PITA operations-wise .. but if you've
> ever had to fill out the form to get un-blacklisted at Yahoo/AOL, that's
> one of the first things they ask .. "do you have a spfv1 record defined?".

With yahoo and aol - they'd be just as satisfied if you used, say, DKIM.
Hotmail's the only one that insists on sender-id (not spfv1 either)

As for a university smarthost getting blocked you'd probably need to
look at one of two things -
1. Forwarding users on your campus - with mailboxes that accept a lot
of spam and then forward it over to student / alumni AOL, Comcast,
Yahoo etc accounts
2. Spam generated by infected PCs / laptops, hacked machines etc on
your campus LAN

If you took steps to fix some of these -
1. Isolate your forwarding through a separate IP or subnet, filter it
before forwarding on
2. Separate your outbound to another set of IPs, again filter
and a few other things - related to this .. you'd get blocked far less.

Joe St.Sauver of UOregon, being a maawg senior tech advisor and also
active in EDUCAUSE etc, might have a white paper on this, like he does
on most other security related issues under the sun :)

-- 
Suresh Ramasubramanian (ops.lists at gmail.com)




More information about the NANOG mailing list