[120044] in North American Network Operators' Group
Re: SPF Configurations
daemon@ATHENA.MIT.EDU (Michael Holstein)
Tue Dec 8 13:20:01 2009
Date: Tue, 08 Dec 2009 13:19:16 -0500
From: Michael Holstein <michael.holstein@csuohio.edu>
To: Tony Finch <dot@dotat.at>
In-Reply-To: <alpine.LSU.2.00.0912081631570.6581@hermes-1.csi.cam.ac.uk>
Cc: NANOG <nanog@nanog.org>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
> 3. Spammers abusing your webmail and/or remote message submission service
> using phished credentials.
>
I'll admit .. this has happened a few times too. Usually we see the
incoming phish attempt and configure an outbound block for RE: (same
subject) and it never fails .. we catch at least one person that
responds. We've seriously considered sending our own phishing emails
with a link that automatically disables anyone's account if they click it.
> If your incoming spam blocks are effective then forwarding shouldn't be
> too much of a problem.
>
>
Never-ending game of cat & mouse. Our volume is 1.5-2m msg/day, and I'd
say we catch ~95% of it .. but when a batch gets through and a third of
our students have mail forwarded to Yahoo, from Yahoo's point-of-view,
they just got 10,000 spam from our IPs.
> For on-campus bots, block port 25 and ensure your MX servers can't be used
> as outgoing relays
We do that, as well as run daily reports on outbound ACL denies to see
who's been compromised (or being naughty on purpose).
> (i.e. put your outgoing relay service on a separate
> address). If you are lucky your colleagues chose a really obscure name
> (not mail.* or smtp.* etc.)
They did.
> To protect against phished accounts, apply rate-limits to outgoing email.
> If you have good on-campus security hygeine then you can be much less
> strict about the limits for on-campus connections.
>
>
Anyone know how to do this in Domino off-hand? (without sending IBM a
fat check) .. if so, I'd love to hear about it so I can tell our Lotus
admins.
Cheers,
Michael Holstein
Cleveland State University
