[120039] in North American Network Operators' Group
Re: SPF Configurations
daemon@ATHENA.MIT.EDU (Tony Finch)
Tue Dec 8 11:41:32 2009
Date: Tue, 8 Dec 2009 16:39:07 +0000
From: Tony Finch <dot@dotat.at>
To: Suresh Ramasubramanian <ops.lists@gmail.com>
In-Reply-To: <bb0e440a0912071155h715cd64bj67ee7f515b030e57@mail.gmail.com>
Cc: NANOG <nanog@nanog.org>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
On Tue, 8 Dec 2009, Suresh Ramasubramanian wrote:
>
> As for a university smarthost getting blocked you'd probably need to
> look at one of two things -
Three :-)
> 1. Forwarding users on your campus - with mailboxes that accept a lot
> of spam and then forward it over to student / alumni AOL, Comcast,
> Yahoo etc accounts
> 2. Spam generated by infected PCs / laptops, hacked machines etc on
> your campus LAN
3. Spammers abusing your webmail and/or remote message submission service
using phished credentials.
If your incoming spam blocks are effective then forwarding shouldn't be
too much of a problem.
For on-campus bots, block port 25 and ensure your MX servers can't be used
as outgoing relays (i.e. put your outgoing relay service on a separate
address). If you are lucky your colleagues chose a really obscure name
(not mail.* or smtp.* etc.) for your outgoing relay service 20 years ago
so spammers are less likely to guess it :-)
To protect against phished accounts, apply rate-limits to outgoing email.
If you have good on-campus security hygeine then you can be much less
strict about the limits for on-campus connections.
Tony.
--
f.anthony.n.finch <dot@dotat.at> http://dotat.at/
GERMAN BIGHT HUMBER: SOUTHWEST 5 TO 7. MODERATE OR ROUGH. SQUALLY SHOWERS.
MODERATE OR GOOD.
