Educause Security Discussion mailing list archives
Re: Third-party external services using your email domain
From: "Blackstone, Chris" <0000004bdf040758-dmarc-request () LISTSERV EDUCAUSE EDU>
Date: Wed, 24 Jan 2018 17:49:24 +0000
Similarly, we have multiple sub-domains:

Advancement.arbor.edu - Used for advancement marketing emails
Admissions.arbor.edu - used for admissions marketing emails
Send.arbor.edu - used for notification emails from systems like StatusPage.io

I have specifically NOT whitelisted domains that send AS @arbor.edu, and we also reject emails that fail DMARC.

I had to work with multiple groups on campus to coordinate all of this but it has proven beneficial, if for nothing else it let us know just how many groups were using @arbor.edu addresses when sending marketing email and the like.

I would also encourage you to use a DMARC analysis service to get a sense of who is sending as you right now. We started with DMARCAnalyzer (https://www.dmarcanalyzer.com/) and now use Barracuda's Sentinel product. Tightening up your SPF record will help a lot as well.

Chris

--
Chris Blackstone
Chief Information Officer
Spring Arbor University
517-750-6406
http://www.arbor.edu
Schedule a meeting with me at https://calendly.com/chrisblackstone

On 1/23/18, 5:54 PM, "The EDUCAUSE Security Constituent Group Listserv on behalf of Rob Milman" <SECURITY () LISTSERV EDUCAUSE EDU on behalf of rob.milman () SAIT CA> wrote:

Hi Thomas,

We went through this last year. As much as I don't like to take advice from Microsoft, they actually put together some good advice on this very subject.

https://blogs.msdn.microsoft.com/tzink/2015/03/13/how-to-align-with-spf-and-dmarc-for-your-domain-if-you-use-a-lot-of-3rd-parties-to-send-email-as-you/

We ended up creating a sub-domain to reduce our risk exposure. It has worked well so far with at least 2 other mail vendors.

Regards,

Rob Milman
Associate Director, Information Security
Information Systems
Southern Alberta Institute of Technology
EH Crandell Building, GA 214
1301 - 16 Avenue NW, Calgary AB, T2M 0L4
(Office) 403.774.5401
(Cell) 403.606.3173
rob.milman () sait ca

-----Original Message-----
From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Thomas Carter
Sent: Tuesday, January 23, 2018 3:43 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] Third-party external services using your email domain

We're seeing an increasing number of requests for using external services to send emails to internal recipients and wanting to use our "@austincollege.edu" domain as the sender and reply-to. They also want to make sure our spam filters do not catch these emails as spam. We can whitelist the sending server(s), but more services are using large mail vendors like MailChimp. We can whitelist the specific sender, but some are wanting to use valid addresses (for example, "hr () austincollege edu") and whitelisting those can lead to easier phishing.

Do you allow external services to send using your domain? How are you handling these types of emails?

Thomas Carter
Network & Operations Manager / IT
Austin College
900 North Grand Avenue
Sherman, TX 75090
Phone: 903-813-2564
www.austincollege.edu
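The sub-domain approach discussed in this thread comes down to DMARC identifier alignment. The sketch below is an added example, not code from any of the posters: it evaluates alignment for four constructed messages, with `vendor.example` and all local parts as placeholders, and it assumes the organizational domain is the last two labels (real evaluators use the Public Suffix List).

```python
# Added example: DMARC identifier alignment (RFC 7489 section 3.1).
# Every message below is constructed; vendor.example is a placeholder vendor.

def org_domain(domain):
    # Assumption: organizational domain = last two labels (true for arbor.edu).
    # Production evaluators derive it from the Public Suffix List.
    return ".".join(domain.lower().rstrip(".").split(".")[-2:])

def aligned(from_domain, auth_domain, mode="r"):
    # mode "r" (relaxed): same organizational domain; "s" (strict): exact match.
    a, b = from_domain.lower(), auth_domain.lower()
    return a == b if mode == "s" else org_domain(a) == org_domain(b)

def dmarc_result(msg, aspf="r", adkim="r"):
    # DMARC passes when SPF passed for an aligned MAIL FROM domain, or a
    # DKIM signature that verified carries an aligned d= domain.
    from_domain = msg["from"].rsplit("@", 1)[1]
    spf_ok = msg["spf_pass"] and aligned(from_domain, msg["mail_from_domain"], aspf)
    dkim_ok = any(aligned(from_domain, d, adkim) for d in msg["dkim_pass_domains"])
    return "pass" if spf_ok or dkim_ok else "fail"

MESSAGES = {
    # Vendor authenticates only as itself but puts the parent domain in From:.
    "vendor_as_parent": {
        "from": "hr@arbor.edu", "spf_pass": True,
        "mail_from_domain": "bounce.vendor.example",
        "dkim_pass_domains": ["vendor.example"]},
    # Vendor uses a delegated sub-domain for From:, bounce address and DKIM.
    "vendor_subdomain": {
        "from": "news@advancement.arbor.edu", "spf_pass": True,
        "mail_from_domain": "bounce.advancement.arbor.edu",
        "dkim_pass_domains": ["advancement.arbor.edu"]},
    # Forged From: with no passing SPF and no DKIM signature.
    "spoofed_parent": {
        "from": "hr@arbor.edu", "spf_pass": False,
        "mail_from_domain": "mailer.invalid", "dkim_pass_domains": []},
    # Sub-domain From: signed only with the parent domain's DKIM key.
    "parent_signed": {
        "from": "news@admissions.arbor.edu", "spf_pass": False,
        "mail_from_domain": "bounce.vendor.example",
        "dkim_pass_domains": ["arbor.edu"]},
}

if __name__ == "__main__":
    for name, msg in MESSAGES.items():
        print(name, dmarc_result(msg), dmarc_result(msg, aspf="s", adkim="s"))
```

A whitelist entry for the vendor would deliver the first message without this check ever mattering, which is why a receiver that rejects DMARC failures can tell it apart from the forged one only if no such exception exists.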
Current thread:
- Third-party external services using your email domain Thomas Carter (Jan 23)
- Re: Third-party external services using your email domain Rob Milman (Jan 23)
- <Possible follow-ups>
- Re: Third-party external services using your email domain Blackstone, Chris (Jan 24)