Re: Anyone using SPF/SRS/SenderID ?

[Andrew Daviel <advax () TRIUMF CA>]

On Wed, 6 Jan 2010, Ed Gibson wrote:

> Hi Andrew
>
> We set our SPF record to hard fail approximately 6 months ago. We have seen a
> significant decline as far as our email addresses being spoofed for the
> purposes of SPAM delivery as a result.

As I was trying to work out with my examples, if we set SPF to hard fail,
we'd be at the mercy of other organizations to use SRS for forwarding.

We have a lot of researchers who come here for various periods, also
staff from here who are working elsewhere. Generally they have email
accounts both here and at their home
institution (plus whatever personal accounts they may have), and often
forward one to the other. Also, unless someone is terminated with
prejudice, we often forward their email to their new institution when
they leave (as one might do with surface mail).

I don't have a good idea of how widespread support for SRS or
"resent-from" is among the academic community, if we break traditional
forwarding by hard-failing SPF. E.g. AFAIK they are not hard-coded in
current sendmail, but require external milters and configs.

DKIM looks interesting, as Jesse points out. I guess I'll take a look at
that too.

On the receiving side, we aren't bouncing SPF failures but use the
built-in scoring in SpamAssassin. I had been whitelisting (in the
SpamAssassin sense) .edu IP blocks as being generally OK, until a recent
rash of Squirrelmail compromises. I also started using
http://www.emailreg.org/ DNSWL, though found that one of the compromised
.edu sites had listed themselves :-/

--
Andrew Daviel
TRIUMF