Re: Does anyone know how Verizon's outbound, external mail (port 587) is going to work?

[Derek Diget <derek.diget+educause-security () WMICH EDU>]

On Sep 24, 2009 at 11:52 -0400, Dennis Meharchand wrote:
=>Because we implemented SPF (Sender Policy Framework) - to mitigate our email
=>addresses from being spoofed with SPAM and Malware (we are a security
=>company) - our emails get rejected when sent to email servers looking for
=>SPF implementation.
=>
=>If you have implemented SPF records you may run into problems using 587 for
=>sends.

I am no SPF expert.....but if your e-mail submission is done correctly
you shouldn't have any problems with a SPF record ending in -all.

So, define "using 587"?

If you mean your user's (e-mail address using your domain) are using
their "home" ISP's message submission agent (MSA) or some other MSA than
your own via port 587, then, yeah, you sill have SPF problems without
listing/including all of the possible places their e-mail can source
from in your SPF record.  (Which to me would be a never ending game of
whack-a-mole.)

What should happen is that your user's submit messages using _your_ MSA
via port 587.  Then you just have to include that system in your SPF
record.


And for all of the hotels and other captive networks that block
everything except port 80/443....Per IETF Best Common Practice 134 (RFC
5068), section 4.1, "Access Providers MUST NOT block users from
accessing the external Internet using the SUBMISSION port 587
[RFC4409]."



--
***********************************************************************
Derek Diget                            Office of Information Technology
Western Michigan University - Kalamazoo  Michigan  USA - www.wmich.edu/
***********************************************************************