Re: SPF or Text DNS Records for Outbound Campus Mail

[Sam Stelfox <SStelfox () VTC VSC EDU>]

We instituted SPF records on our domains about a year and a half ago. I
haven't seen or heard complaints about spoofed emails since. The only
issue I've had other than that was when we switched mail servers around
and I forgot about the SPF records. Probably a good thing to note in any
documentation you have in regards to upgrading server. Other than that
it's been pretty 'set and forget' for us.

On 02/01/2010 07:25 AM, Michael Wilber wrote:
> Anyone using SPF or Text DNS records to prevent your domain from
> getting spoofed? If so how is it working for you? if not what other
> measures have you taken to protect from getting spoofed?
>
> Thanks,
>
> Mike Wilber * Technical Director * CISSP, MCSE, CCNP, CCDP * St. Clair
> County Community College * 323 Erie Street, Port Huron, MI 48060 *
> michael.wilber () sungardhe com * Tel 810-989-5665 * Fax 810-989-5618
>
>
> CONFIDENTIALITY: This email (including any attachments) may contain
> confidential, proprietary
> and privileged information, and unauthorized disclosure or use is
> prohibited. If you received
> this email in error, please notify the sender and delete this email
> from your system. Thank you.
>
> *From:* The EDUCAUSE Security Constituent Group Listserv
> [mailto:SECURITY () LISTSERV EDUCAUSE EDU] *On Behalf Of *Ozzie Paez
> *Sent:* Friday, January 29, 2010 4:52 PM
> *To:* SECURITY () LISTSERV EDUCAUSE EDU
> *Subject:* Re: [SECURITY] Systems Acquisition and Development standard
>
> I think that David’s answer contains an important consideration and
> that is the inclusion of the audit team’s input.  Without it you could
> end up with a system that complies with a
> design/acquisition/development standard(s) and an audit system/team
> that audits to a different one.  That can result in much wasted time
> and the need for all kinds of exceptions to the audits in order to
> accommodate the system.  In the end, your system requirements should
> map effectively with your audit standards, that will save you time and
> money, while reducing risks,
>
> Ozzie Paez
>
> SSE/SAIC
>
> 303-332-5363
>
> *From:* The EDUCAUSE Security Constituent Group Listserv
> [mailto:SECURITY () LISTSERV EDUCAUSE EDU] *On Behalf Of *David Escalante
> *Sent:* Friday, January 29, 2010 2:38 PM
> *To:* SECURITY () LISTSERV EDUCAUSE EDU
> *Subject:* Re: [SECURITY] Systems Acquisition and Development standard
>
> We have a document several pages long filled with security questions
> that we co-developed with our Internal Audit department a number of
> years ago.  It's not something we've shared widely, though.
>
> We are looking at moving to the Shared Assessments tool.  See
> http://www.sharedassessments.org/ . I believe it's still free, and is,
> to quote the web page,
>
> /"Shared Assessments is a member-driven, industry-standard body that
> injects speed, efficiency and cost savings into the service provider
> control assessment process. Shared Assessments Program members
> <http://sharedassessments.org/members/> work together to eliminate
> redundancies and create efficiencies, giving all parties a
> standardized, consistent, faster, more rigorous, more efficient and
> less costly means of conducting security, privacy and business
> continuity assessments."/
>
>
> Why re-invent the wheel when the financial industry already has a
> tool?  If we all use the same questionnaire, it also makes it easier
> on vendors and suppliers, who don't have to deal with a different set
> of security questions from every customer.  While the questions are
> intended for service providers, they tend to be OK for internal
> security as well.
> --
> David Escalante
> Boston College

--
Sam Stelfox
Network Administrator
Vermont Technical College