Educause Security Discussion mailing list archives
Email and cloud services
From: Thomas Carter <tcarter () AUSTINCOLLEGE EDU>
Date: Fri, 11 May 2018 21:02:15 +0000
With the increase in outsourced solutions across campus, there is a related increase in requests for updates to our SPF records for outgoing emails and whitelisting for incoming emails. However, many of these vendors turn around and use an email service for the sending meaning we're being asked to whitelist or add to SPF records for these large email and marketing firms. For example, we were recently asked by a SaaS vendor to whitelist all emails from Amazon SES, and another vendor asked us to add an SPF entry for a generic email marketing firm (of which we already have some). Unfortunately these requests happen after the contracts are signed and we are just asked to "make it work." My concern is we only have a contract with one customer of the email service, and any other customer of theirs is now either whitelisted or included in our SPF. What are your views and policies around this type of email security issues? How do you handle them (grit your teeth and bare it, push back on the vendor, or?) ? Any other thoughts or words of wisdom? Thomas Carter Network & Operations Manager / IT Austin College 900 North Grand Avenue Sherman, TX 75090 Phone: 903-813-2564 www.austincollege.edu<http://www.austincollege.edu/>
Current thread:
- Email and cloud services Thomas Carter (May 11)
- Re: Email and cloud services Dan Oachs (May 11)
- Re: Email and cloud services Patrick McElhinney (May 13)
- Re: Email and cloud services Dan Oachs (May 11)