The way domain names work, at least for public schools in Ohio, is they all get a domain name from the State. K12.oh.us is the root, so we are elyriaschools.k12.oh.us. We of course do not own the name, the state does. So we have no control over the DNS records or the SPF records, and there are layers upon layers of red tape. When we send from that domain name it has to be forwarded to servers outside our control. And when that domain receives, it is mandatory that it first goes through the state's spam filter and system. It is all very complicated.

Network-wise it is worse. We do not connect directly to the internet. We are behind a 'state' run ISP down the street that serves about 40 area school districts. And they are not directly connected either, they go to Columbus 150 miles away to the State edu network hub. And then it goes to Atlanta, GA. However it is lightning fast fiber, my connection rules. And we do have a block of public IP addresses that are always routed straight to our firewall, and they will do rDNS on them for us no problem.

So we took care of all the related issues by getting our own domain name, which you see I use. Elyriaschools.org. So yes, there is only one IP address in our SPF record. While we still accept the state domain we do not use it publicly or send with it. The only mail we get to that domain anymore is from the state. And there is no outbound port 25 allowed past my firewall except our sending server.

From: Don Andrews [mailto:[EMAIL PROTECTED]
Sent: Wednesday, April 23, 2008 4:03 PM
To: MS-Exchange Admin Issues
Subject: RE: NDR's generated via spoofed from address

This may sound like (and be) a stupid question, but why is it such a problem? Do you just allow ANY IP to send SMTP traffic to the internet or something? Seems like even that would be possible to cover with SPF. (Note, this is merely advertising which IPs are allowed to send as your domain, not necessarily checking inbound email for their SPF records.)

________________________________

From: Kennedy, Jim [mailto:[EMAIL PROTECTED]
Sent: Wednesday, April 23, 2008 11:05 AM
To: MS-Exchange Admin Issues
Subject: RE: NDR's generated via spoofed from address

I hear ya, ours is probably similar. edu networks can be exciting. But even if you can narrow it down to a class B that is an improvement... casting a wide address space in your SPF would at least eliminate a great part of the rest of the internet...

From: Salvador Manzo [mailto:[EMAIL PROTECTED]
Sent: Wednesday, April 23, 2008 1:57 PM
To: MS-Exchange Admin Issues
Subject: Re: NDR's generated via spoofed from address

Some of us have very weird network setups that make SPF records non-starters... (sigh)

On 4/23/08 10:27 AM, "Kennedy, Jim" <[EMAIL PROTECTED]> wrote:

You certainly should publish an SPF, it can help and causes no harm as you point out. But I would respectfully suggest that someone sending that much backscatter is already so clueless that they probably don't check SPF either. Firewall them.

From: Don Andrews [mailto:[EMAIL PROTECTED]
Sent: Wednesday, April 23, 2008 1:23 PM
To: MS-Exchange Admin Issues
Subject: RE: NDR's generated via spoofed from address

Publishing an SPF record may help some depending on the domain(s) the NDR's are coming from.

________________________________

From: Clayton Doige [mailto:[EMAIL PROTECTED]
Sent: Wednesday, April 23, 2008 5:38 AM
To: MS-Exchange Admin Issues
Subject: NDR's generated via spoofed from address

Hi all,

have a user who is getting nailed with NDR's for email she is not sending. We have verified that there are no matching emails coming out of the E2k3 SP2 server which means that someone 'out there' is spoofing the from address and NDR's are going to that address.

What's the best bet to combat this? Said user is getting bored of deleting the NDR's

Thanks in advance for any advice :)

Clayton Doige
Project Management Consultant
Green IT Solutions Ltd
[EMAIL PROTECTED]
01277844943
07949255062
www.greenit.co.uk

---
Salvador Manzo
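
The SPF trade-off discussed in this thread (a record listing a single sending IP versus one covering a wide address range), as an added example that is not part of any poster's message. The function names and the addresses (taken from reserved documentation and benchmarking ranges) are constructed for illustration, and only the `ip4`, `ip6` and `all` mechanisms are evaluated; mechanisms that need DNS lookups are skipped.

```python
import ipaddress

# SPF qualifiers and the result each one yields when its mechanism matches.
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

# Constructed sample records (not from the thread).
NARROW = "v=spf1 ip4:192.0.2.25 -all"      # one sending server
WIDE = "v=spf1 ip4:198.18.0.0/16 -all"     # a whole /16 ("class B")


def check_spf_ip(record, sender_ip):
    """Evaluate the ip4/ip6/all mechanisms of an SPF record for one client IP."""
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return "none"
    ip = ipaddress.ip_address(sender_ip)
    for term in terms[1:]:
        qualifier = "+"
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        name, _, value = term.partition(":")
        name = name.lower()
        if name == "all":
            return QUALIFIERS[qualifier]
        if name in ("ip4", "ip6"):
            net = ipaddress.ip_network(value, strict=False)
            if ip.version == net.version and ip in net:
                return QUALIFIERS[qualifier]
        # a, mx, include, etc. require DNS and are skipped in this sketch.
    return "neutral"  # no mechanism matched and no "all" term present


def authorized_addresses(record):
    """Count how many addresses the record's passing ip4/ip6 terms allow."""
    total = 0
    for term in record.split()[1:]:
        name, _, value = term.lstrip("+").partition(":")
        if name.lower() in ("ip4", "ip6"):
            total += ipaddress.ip_network(value, strict=False).num_addresses
    return total


if __name__ == "__main__":
    for label, rec in (("narrow", NARROW), ("wide", WIDE)):
        print(label, authorized_addresses(rec), "addresses allowed")
        for ip in ("192.0.2.25", "198.18.44.7", "203.0.113.9"):
            print("  ", ip, "->", check_spf_ip(rec, ip))
```

A receiver that checks SPF would reject spoofed mail from `203.0.113.9` under either record; the wide record still passes any host inside the /16, which is why the single-IP record plus an outbound port 25 block is the tighter setup.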