Difference between revisions of "PKP/Bug Fixes/SPF"
| Line 16: | Line 16: | ||
dig txt sun.ac.za | dig txt sun.ac.za | ||
See:http://stackoverflow.com/questions/4082935/using-dig-to-search-for-spf-records | See:http://stackoverflow.com/questions/4082935/using-dig-to-search-for-spf-records | ||
| + | |||
| + | As can be seen from the sample records below the implementation per institution differs, but the point is that each domain is now SPF enabled and therefore OJS must adapt. | ||
Sample output for "sun.ac.za" | Sample output for "sun.ac.za" | ||
Revision as of 11:51, 17 May 2016
Back to PKP Bug Fixes
Contents
Introduction
To combat spam and email phishing a new email system called the "Sender Policy Framework" (SPF) is being adopted world wide by academic institutions and others. This is a very recent development and therefore OJS systems must be retroactively configured to support SPF. This wiki page documents these efforts at Stellenbosch University Library.
What is the SPF?
https://en.wikipedia.org/wiki/Sender_Policy_Framework
From Wikipedia (retrieved 2016/05/17);
"Sender Policy Framework (SPF) is a simple email-validation system designed to detect email spoofing by providing a mechanism to allow receiving mail exchangers to check that incoming mail from a domain comes from a host authorized by that domain's administrators.[1] The list of authorized sending hosts for a domain is published in the Domain Name System (DNS) records for that domain in the form of a specially formatted TXT record. Email spam and phishing often use forged "from" addresses, so publishing and checking SPF records can be considered anti-spam techniques."
How does the SPF work?
To determine if there is an SPF record for a sending domain, use the "dig" command as per example below in a terminal;
dig txt sun.ac.za
See:http://stackoverflow.com/questions/4082935/using-dig-to-search-for-spf-records
As can be seen from the sample records below the implementation per institution differs, but the point is that each domain is now SPF enabled and therefore OJS must adapt.
Sample output for "sun.ac.za"
; <<>> DiG 9.10.3-P4-Ubuntu <<>> txt sun.ac.za ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 50092 ;; flags: qr rd ra; QUERY: 1, ANSWER: 4, AUTHORITY: 0, ADDITIONAL: 1 ;; OPT PSEUDOSECTION: ; EDNS: version: 0, flags:; udp: 4000 ;; QUESTION SECTION: ;sun.ac.za. IN TXT ;; ANSWER SECTION: sun.ac.za. 25238 IN TXT "University of Stellenbosch, South Africa" sun.ac.za. 25238 IN TXT "ydW1uk2ljPYuIuijeNP29VqLY1fH/1BYzJ8XkvuCmpe7b1pltGc4EaZcvw7V1PTKi5JkCgzH95fQNDdjOALHwQ==" sun.ac.za. 25238 IN TXT "v=spf1 ip4:146.232.64.12 ip4:146.232.64.13 ip4:146.232.64.14 include:spf.protection.outlook.com -all" sun.ac.za. 25238 IN TXT "Google Domain Verification 07082014" ;; Query time: 0 msec ;; SERVER: 127.0.1.1#53(127.0.1.1) ;; WHEN: Tue May 17 11:44:35 SAST 2016 ;; MSG SIZE rcvd: 353
Sample output for "uct.ac.za"
; <<>> DiG 9.10.3-P4-Ubuntu <<>> txt uct.ac.za ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 62084 ;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 0, ADDITIONAL: 1 ;; OPT PSEUDOSECTION: ; EDNS: version: 0, flags:; udp: 4000 ;; QUESTION SECTION: ;uct.ac.za. IN TXT ;; ANSWER SECTION: uct.ac.za. 3600 IN TXT "Ox1qfakkMKmET7grQG8BzAU0BFKkXZlwIZLm68SBnlYXFefU2YK8lhbZCzevz88UNYx5QNheElQe6z5u/uApjQ==" uct.ac.za. 3600 IN TXT "v=spf1 ip4:137.158.153.103 ip4:137.158.153.104 ip4:137.158.154.116 ip4:137.158.154.166 ip4:137.158.154.117 ip4:137.158.154.165 a include:_netblocks.mimecast.com include:spf.protection.outlook.com ~all" uct.ac.za. 3600 IN TXT "MS=ms97433074" ;; Query time: 11 msec ;; SERVER: 127.0.1.1#53(127.0.1.1) ;; WHEN: Tue May 17 11:48:43 SAST 2016 ;; MSG SIZE rcvd: 378
Sample output for "up.ac.za"
; <<>> DiG 9.10.3-P4-Ubuntu <<>> txt up.ac.za ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 51005 ;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 0, ADDITIONAL: 1 ;; OPT PSEUDOSECTION: ; EDNS: version: 0, flags:; udp: 4000 ;; QUESTION SECTION: ;up.ac.za. IN TXT ;; ANSWER SECTION: up.ac.za. 3600 IN TXT "google-site-verification=uZeP8pM4K0sBZNWCE4gAo8-gK4_WzH-nFuMRUlk4408" up.ac.za. 3600 IN TXT "MS=ms60833582" up.ac.za. 3600 IN TXT "v=spf1 ip4:137.215.0.0/16 mx ?all" ;; Query time: 22 msec ;; SERVER: 127.0.1.1#53(127.0.1.1) ;; WHEN: Tue May 17 11:50:04 SAST 2016 ;; MSG SIZE rcvd: 190
