[119997] in North American Network Operators' Group
Re: SPF Configurations
daemon@ATHENA.MIT.EDU (Suresh Ramasubramanian)
Mon Dec 7 14:55:55 2009
In-Reply-To: <4B1D4094.9020303@csuohio.edu>
Date: Tue, 8 Dec 2009 01:25:01 +0530
From: Suresh Ramasubramanian <ops.lists@gmail.com>
To: Michael Holstein <michael.holstein@csuohio.edu>
Cc: NANOG <nanog@nanog.org>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
On Mon, Dec 7, 2009 at 11:21 PM, Michael Holstein
<michael.holstein@csuohio.edu> wrote:
>
> Personally, I think SPF is a major PITA operations-wise .. but if you've
> ever had to fill out the form to get un-blacklisted at Yahoo/AOL, that's
> one of the first things they ask .. "do you have a spfv1 record defined?".
With yahoo and aol - they'd be just as satisfied if you used, say, DKIM.
Hotmail's the only one that insists on sender-id (not spfv1 either)
As for a university smarthost getting blocked you'd probably need to
look at one of two things -
1. Forwarding users on your campus - with mailboxes that accept a lot
of spam and then forward it over to student / alumni AOL, Comcast,
Yahoo etc accounts
2. Spam generated by infected PCs / laptops, hacked machines etc on
your campus LAN
If you took steps to fix some of these -
1. Isolate your forwarding through a separate IP or subnet, filter it
before forwarding on
2. Separate your outbound to another set of IPs, again filter
and a few other things - related to this .. you'd get blocked far less.
Joe St.Sauver of UOregon, being a maawg senior tech advisor and also
active in EDUCAUSE etc, might have a white paper on this, like he does
on most other security related issues under the sun :)
--
Suresh Ramasubramanian (ops.lists@gmail.com)
