Educause Security Discussion mailing list archives

Re: Anyone using SPF/SRS/SenderID ?


From: Jesse Thompson <jesse.thompson () DOIT WISC EDU>
Date: Thu, 7 Jan 2010 11:22:16 -0600

On 1/6/2010 1:49 PM, Ed Gibson wrote:
This change has not been painless however, as we are stumbling across a
number of web services that post email communications as from our
domain. An example of this would be the online survey system SurveyMonkey
(http://www.surveymonkey.com). When a user posts a survey through this
service the resulting email notifications are posted as "from" our mail
domain even though it originates from their mail servers, which of
course fails the SPF test.

I have a suggestion for an interim step. If you are able to set up your MTA to do this, try rejecting any inbound messages claiming to be from invalid addresses within your domain. There's no legitimate reason why people would be doing this, so false positives will be low. And it will help stop at least some of the inappropriate forging of your domain.

We implemented this technique about a year or so ago. There was an initial period where we had to tell people to stop using things like no-reply () wisc edu, etc. It helped that we were able to scan our logs and contact people directly to fix their practices prior to making the change. In the end, we only caught a few people off guard, and haven't had issues since the implementation.

This probably will not bring sites like SurveyMonkey in line though.

We don't have any immediate intentions of setting our SPF to hard fail. If we do go down that road, I think that we might try to make the initial transition by imposing the hard fail for inbound mail only - by overriding the SPF records with hard fail in our MTA configuration, and not initially publishing the hard fail in our SPF records. By doing this, it is my belief that it will make the transition easier, since it will be easier to establish a direct line of support with the people having problems.

Jesse

--
  Jesse Thompson
  Division of Information Technology, University of Wisconsin-Madison
  Email/IM: jesse.thompson () doit wisc edu
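
The pre-enforcement log scan described in the message above, as an added example that is not part of the original post or the author's own tooling: it lists which senders and client hosts would be refused if the MTA rejected inbound mail from nonexistent addresses in the local domain. The domain `example.edu`, the `VALID` address set, and the simplified log layout are assumptions; the sample lines are constructed.

```python
import re
from collections import Counter

DOMAIN = "example.edu"   # assumption: the local mail domain
# Assumption: an export of every deliverable address in the domain.
VALID = {"alice@example.edu", "helpdesk@example.edu"}

# Constructed sample of inbound MX log lines in a simplified layout
# (client IP plus envelope sender); adapt LINE to your MTA's real format.
SAMPLE_LOG = """\
Jan  7 10:01:02 mx1 smtpd: client=198.51.100.7 from=<no-reply@example.edu>
Jan  7 10:01:09 mx1 smtpd: client=198.51.100.7 from=<no-reply@example.edu>
Jan  7 10:02:30 mx1 smtpd: client=203.0.113.20 from=<Alice@Example.EDU>
Jan  7 10:03:11 mx1 smtpd: client=203.0.113.99 from=<survey@example.edu>
Jan  7 10:04:45 mx1 smtpd: client=203.0.113.99 from=<>
Jan  7 10:05:00 mx1 smtpd: client=198.51.100.44 from=<news@example.org>
Jan  7 10:06:12 mx1 smtpd: client=198.51.100.60 from=<list@lists.example.edu>
"""

LINE = re.compile(r"client=(?P<client>\S+) from=<(?P<sender>[^>]*)>")


def would_reject(sender):
    """True if the sender claims our domain but is not a real address."""
    sender = sender.lower()              # address matching is case-insensitive here
    if not sender.endswith("@" + DOMAIN):
        return False                     # null sender (bounces), other domains, subdomains
    return sender not in VALID


def audit(log_text):
    """Count (sender, client) pairs the policy would refuse, for follow-up."""
    hits = Counter()
    for line in log_text.splitlines():
        m = LINE.search(line)
        if m and would_reject(m["sender"]):
            hits[(m["sender"].lower(), m["client"])] += 1
    return hits


if __name__ == "__main__":
    # Most frequent offenders first: these are the people to contact
    # before the rejection rule is switched on.
    for (sender, client), n in audit(SAMPLE_LOG).most_common():
        print(f"{n:3d}  {sender:28s} via {client}")
```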
