Educause Security Discussion mailing list archives
Re: SPF or Text DNS Records for Outbound Campus Mail
From: Sam Stelfox <SStelfox () VTC VSC EDU>
Date: Mon, 1 Feb 2010 08:36:32 -0500
We instituted SPF records on our domains about a year and a half ago. I haven't seen or heard complaints about spoofed emails since. The only issue I've had other than that was when we switched mail servers around and I forgot about the SPF records. Probably a good thing to note in any documentation you have in regards to upgrading server. Other than that it's been pretty 'set and forget' for us. On 02/01/2010 07:25 AM, Michael Wilber wrote:
Anyone using SPF or Text DNS records to prevent your domain from getting spoofed? If so how is it working for you? if not what other measures have you taken to protect from getting spoofed? Thanks, Mike Wilber * Technical Director * CISSP, MCSE, CCNP, CCDP * St. Clair County Community College * 323 Erie Street, Port Huron, MI 48060 * michael.wilber () sungardhe com * Tel 810-989-5665 * Fax 810-989-5618 CONFIDENTIALITY: This email (including any attachments) may contain confidential, proprietary and privileged information, and unauthorized disclosure or use is prohibited. If you received this email in error, please notify the sender and delete this email from your system. Thank you. *From:* The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] *On Behalf Of *Ozzie Paez *Sent:* Friday, January 29, 2010 4:52 PM *To:* SECURITY () LISTSERV EDUCAUSE EDU *Subject:* Re: [SECURITY] Systems Acquisition and Development standard I think that David’s answer contains an important consideration and that is the inclusion of the audit team’s input. Without it you could end up with a system that complies with a design/acquisition/development standard(s) and an audit system/team that audits to a different one. That can result in much wasted time and the need for all kinds of exceptions to the audits in order to accommodate the system. In the end, your system requirements should map effectively with your audit standards, that will save you time and money, while reducing risks, Ozzie Paez SSE/SAIC 303-332-5363 *From:* The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] *On Behalf Of *David Escalante *Sent:* Friday, January 29, 2010 2:38 PM *To:* SECURITY () LISTSERV EDUCAUSE EDU *Subject:* Re: [SECURITY] Systems Acquisition and Development standard We have a document several pages long filled with security questions that we co-developed with our Internal Audit department a number of years ago. It's not something we've shared widely, though. We are looking at moving to the Shared Assessments tool. See http://www.sharedassessments.org/ . I believe it's still free, and is, to quote the web page, /"Shared Assessments is a member-driven, industry-standard body that injects speed, efficiency and cost savings into the service provider control assessment process. Shared Assessments Program members <http://sharedassessments.org/members/> work together to eliminate redundancies and create efficiencies, giving all parties a standardized, consistent, faster, more rigorous, more efficient and less costly means of conducting security, privacy and business continuity assessments."/ Why re-invent the wheel when the financial industry already has a tool? If we all use the same questionnaire, it also makes it easier on vendors and suppliers, who don't have to deal with a different set of security questions from every customer. While the questions are intended for service providers, they tend to be OK for internal security as well. -- David Escalante Boston College
-- Sam Stelfox Network Administrator Vermont Technical College
Current thread:
- SPF or Text DNS Records for Outbound Campus Mail Michael Wilber (Feb 01)
- <Possible follow-ups>
- Re: SPF or Text DNS Records for Outbound Campus Mail Sam Stelfox (Feb 01)