SPF Configurations

Michael Holstein michael.holstein at csuohio.edu
Tue Dec 8 12:19:16 CST 2009

> 3. Spammers abusing your webmail and/or remote message submission service
> using phished credentials.

I'll admit .. this has happened a few times too. Usually we see the
incoming phish attempt and configure an outbound block for RE: (same
subject) and it never fails .. we catch at least one person that
responds. We've seriously considered sending our own phishing emails
with a link that automatically disables anyone's account if they click it.

> If your incoming spam blocks are effective then forwarding shouldn't be
> too much of a problem.

Never-ending game of cat & mouse. Our volume is 1.5-2m msg/day, and I'd
say we catch ~95% of it .. but when a batch gets through and a third of
our students have mail forwarded to Yahoo, from Yahoo's point-of-view,
they just got 10,000 spam from our IPs.

> For on-campus bots, block port 25 and ensure your MX servers can't be used
> as outgoing relays

We do that, as well as run daily reports on outbound ACL denies to see
who's been compromised (or being naughty on purpose).

>  (i.e. put your outgoing relay service on a separate
> address). If you are lucky your colleagues chose a really obscure name
> (not mail.* or smtp.* etc.) 

They did.

> To protect against phished accounts, apply rate-limits to outgoing email.
> If you have good on-campus security hygeine then you can be much less
> strict about the limits for on-campus connections.

Anyone know how to do this in Domino off-hand? (without sending IBM a
fat check) .. if so, I'd love to hear about it so I can tell our Lotus


Michael Holstein
Cleveland State University

More information about the NANOG mailing list