noticeboard.ru.ac.za

2016/03/01 - Change in outgoing mail policy
mapu026
guy
During the March 1st maintenance window, we will be changing the University's Sender Policy Framework records. These records define the list of mail servers that are allowed to send outgoing mail using Rhodes (@ru.ac.za, @campus.ru.ac.za, @lists.ru.ac.za) email addresses.

At present we provide a complete list of authorised mail servers, but indicate the policy for unlisted servers as "softfail". This instructs remote mail systems that mail from unlisted servers might be forged, but asks them not to reject it outright. Instead they should apply their own local SPAM policies.

All Rhodes users should already be sending outgoing mail from their Rhodes email address via mail.ru.ac.za.

During the maintenance window we will change the default action to "fail". This means that remote mail systems should automatically reject any mail from Rhodes addresses that does not come from one of our explicitly listed mail servers. It further implies that all mail from Rhodes email addresses must now be sent via mail.ru.ac.za.

The change should reduce the number of forged emails from Rhodes email addresses.
guy
SPF was introduced at Rhodes in 2006. However, at the time it was common practice for people to send mail via their ISP's mail servers and so "softfail" was chosen to lessen the impact of the change.

There were two pre-requisites for changing this to a hard "fail". The first was the mandating of authenticated submission. The second was the introduction of Sender Rewriting Scheme support. Both were completed last year.
trackback 149446