Difference between revisions of "PKP/Bug Fixes/SPF"
| Line 64: | Line 64: | ||
;; WHEN: Tue May 17 11:48:43 SAST 2016 | ;; WHEN: Tue May 17 11:48:43 SAST 2016 | ||
;; MSG SIZE rcvd: 378 | ;; MSG SIZE rcvd: 378 | ||
| + | </pre> | ||
| + | |||
| + | Sample output for "up.ac.za" | ||
| + | <pre> | ||
| + | |||
| + | ; <<>> DiG 9.10.3-P4-Ubuntu <<>> txt up.ac.za | ||
| + | ;; global options: +cmd | ||
| + | ;; Got answer: | ||
| + | ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 51005 | ||
| + | ;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 0, ADDITIONAL: 1 | ||
| + | |||
| + | ;; OPT PSEUDOSECTION: | ||
| + | ; EDNS: version: 0, flags:; udp: 4000 | ||
| + | ;; QUESTION SECTION: | ||
| + | ;up.ac.za. IN TXT | ||
| + | |||
| + | ;; ANSWER SECTION: | ||
| + | up.ac.za. 3600 IN TXT "google-site-verification=uZeP8pM4K0sBZNWCE4gAo8-gK4_WzH-nFuMRUlk4408" | ||
| + | up.ac.za. 3600 IN TXT "MS=ms60833582" | ||
| + | up.ac.za. 3600 IN TXT "v=spf1 ip4:137.215.0.0/16 mx ?all" | ||
| + | |||
| + | ;; Query time: 22 msec | ||
| + | ;; SERVER: 127.0.1.1#53(127.0.1.1) | ||
| + | ;; WHEN: Tue May 17 11:50:04 SAST 2016 | ||
| + | ;; MSG SIZE rcvd: 190 | ||
</pre> | </pre> | ||
See:http://stackoverflow.com/questions/4082935/using-dig-to-search-for-spf-records | See:http://stackoverflow.com/questions/4082935/using-dig-to-search-for-spf-records | ||
Revision as of 11:49, 17 May 2016
Back to PKP Bug Fixes
Contents
Introduction
To combat spam and email phishing a new email system called the "Sender Policy Framework" (SPF) is being adopted world wide by academic institutions and others. This is a very recent development and therefore OJS systems must be retroactively configured to support SPF. This wiki page documents these efforts at Stellenbosch University Library.
What is the SPF?
https://en.wikipedia.org/wiki/Sender_Policy_Framework
From Wikipedia (retrieved 2016/05/17);
"Sender Policy Framework (SPF) is a simple email-validation system designed to detect email spoofing by providing a mechanism to allow receiving mail exchangers to check that incoming mail from a domain comes from a host authorized by that domain's administrators.[1] The list of authorized sending hosts for a domain is published in the Domain Name System (DNS) records for that domain in the form of a specially formatted TXT record. Email spam and phishing often use forged "from" addresses, so publishing and checking SPF records can be considered anti-spam techniques."
How does the SPF work?
To determine if there is an SPF record for a sending domain, use the "dig" command as per example below in a terminal;
dig txt sun.ac.za
Sample output for "sun.ac.za"
; <<>> DiG 9.10.3-P4-Ubuntu <<>> txt sun.ac.za ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 50092 ;; flags: qr rd ra; QUERY: 1, ANSWER: 4, AUTHORITY: 0, ADDITIONAL: 1 ;; OPT PSEUDOSECTION: ; EDNS: version: 0, flags:; udp: 4000 ;; QUESTION SECTION: ;sun.ac.za. IN TXT ;; ANSWER SECTION: sun.ac.za. 25238 IN TXT "University of Stellenbosch, South Africa" sun.ac.za. 25238 IN TXT "ydW1uk2ljPYuIuijeNP29VqLY1fH/1BYzJ8XkvuCmpe7b1pltGc4EaZcvw7V1PTKi5JkCgzH95fQNDdjOALHwQ==" sun.ac.za. 25238 IN TXT "v=spf1 ip4:146.232.64.12 ip4:146.232.64.13 ip4:146.232.64.14 include:spf.protection.outlook.com -all" sun.ac.za. 25238 IN TXT "Google Domain Verification 07082014" ;; Query time: 0 msec ;; SERVER: 127.0.1.1#53(127.0.1.1) ;; WHEN: Tue May 17 11:44:35 SAST 2016 ;; MSG SIZE rcvd: 353
Sample output for "uct.ac.za"
; <<>> DiG 9.10.3-P4-Ubuntu <<>> txt uct.ac.za ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 62084 ;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 0, ADDITIONAL: 1 ;; OPT PSEUDOSECTION: ; EDNS: version: 0, flags:; udp: 4000 ;; QUESTION SECTION: ;uct.ac.za. IN TXT ;; ANSWER SECTION: uct.ac.za. 3600 IN TXT "Ox1qfakkMKmET7grQG8BzAU0BFKkXZlwIZLm68SBnlYXFefU2YK8lhbZCzevz88UNYx5QNheElQe6z5u/uApjQ==" uct.ac.za. 3600 IN TXT "v=spf1 ip4:137.158.153.103 ip4:137.158.153.104 ip4:137.158.154.116 ip4:137.158.154.166 ip4:137.158.154.117 ip4:137.158.154.165 a include:_netblocks.mimecast.com include:spf.protection.outlook.com ~all" uct.ac.za. 3600 IN TXT "MS=ms97433074" ;; Query time: 11 msec ;; SERVER: 127.0.1.1#53(127.0.1.1) ;; WHEN: Tue May 17 11:48:43 SAST 2016 ;; MSG SIZE rcvd: 378
Sample output for "up.ac.za"
; <<>> DiG 9.10.3-P4-Ubuntu <<>> txt up.ac.za ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 51005 ;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 0, ADDITIONAL: 1 ;; OPT PSEUDOSECTION: ; EDNS: version: 0, flags:; udp: 4000 ;; QUESTION SECTION: ;up.ac.za. IN TXT ;; ANSWER SECTION: up.ac.za. 3600 IN TXT "google-site-verification=uZeP8pM4K0sBZNWCE4gAo8-gK4_WzH-nFuMRUlk4408" up.ac.za. 3600 IN TXT "MS=ms60833582" up.ac.za. 3600 IN TXT "v=spf1 ip4:137.215.0.0/16 mx ?all" ;; Query time: 22 msec ;; SERVER: 127.0.1.1#53(127.0.1.1) ;; WHEN: Tue May 17 11:50:04 SAST 2016 ;; MSG SIZE rcvd: 190
See:http://stackoverflow.com/questions/4082935/using-dig-to-search-for-spf-records
