{"id":20563,"date":"2024-10-28T12:00:45","date_gmt":"2024-10-28T11:00:45","guid":{"rendered":"https:\/\/blog.rwth-aachen.de\/itc\/?p=20563"},"modified":"2024-11-27T15:25:55","modified_gmt":"2024-11-27T14:25:55","slug":"e-mail-6","status":"publish","type":"post","link":"https:\/\/blog.rwth-aachen.de\/itc\/en\/2024\/10\/28\/e-mail-6\/","title":{"rendered":"Email Security \u2013 Evaluation and Application of the SPF Policy"},"content":{"rendered":"<p><div id=\"attachment_20585\" style=\"width: 310px\" class=\"wp-caption alignright\"><a href=\"https:\/\/blog.rwth-aachen.de\/itc\/files\/2024\/10\/SPF-rekord-mit-logo-1.png\"><img loading=\"lazy\" decoding=\"async\" aria-describedby=\"caption-attachment-20585\" class=\"size-medium wp-image-20585\" src=\"https:\/\/blog.rwth-aachen.de\/itc\/files\/2024\/10\/SPF-rekord-mit-logo-1-300x174.png\" alt=\"Symbolic image of the evaluation and application of the SPF policy \" width=\"300\" height=\"174\" srcset=\"https:\/\/blog.rwth-aachen.de\/itc\/files\/2024\/10\/SPF-rekord-mit-logo-1-300x174.png 300w, https:\/\/blog.rwth-aachen.de\/itc\/files\/2024\/10\/SPF-rekord-mit-logo-1-1024x593.png 1024w, https:\/\/blog.rwth-aachen.de\/itc\/files\/2024\/10\/SPF-rekord-mit-logo-1-768x444.png 768w, https:\/\/blog.rwth-aachen.de\/itc\/files\/2024\/10\/SPF-rekord-mit-logo-1-1536x889.png 1536w, https:\/\/blog.rwth-aachen.de\/itc\/files\/2024\/10\/SPF-rekord-mit-logo-1-2048x1185.png 2048w\" sizes=\"auto, (max-width: 300px) 100vw, 300px\" \/><\/a><p id=\"caption-attachment-20585\" class=\"wp-caption-text\">Source: Own illustration<\/p><\/div><\/p>\n<p>In this post of our <a href=\"https:\/\/blog.rwth-aachen.de\/itc\/en?s=e-mail-sicherheit\">email security series<\/a>, we would like to inform you about an upcoming tightening of the SPF policy that will apply to RWTH Aachen University as of December 5, 2024. 
The change will prevent RWTH email addresses from being used as sender addresses by mail servers outside of RWTH Aachen University in the future. This will further increase email security at our university. Please note that this article is mainly intended for mail administrators of RWTH institutions. (*)<\/p>\n<p><!--more--><\/p>\n<p>&nbsp;<\/p>\n<h3><span style=\"color: #00549f;\"><strong>Background: SPF Protocol and Application of the SPF Policy<\/strong><\/span><\/h3>\n<p>In the <a href=\"https:\/\/blog.rwth-aachen.de\/itc\/2022\/07\/27\/e-mail-2\/\">blog article<\/a> &#8220;Email Security &#8211; The SMTP Protocol and Its Problems (Sending and Receiving)&#8221; we explained what the SPF protocol is for and how it can be implemented. For RWTH, an SPF record was placed in the DNS for each email domain, containing the IP addresses that are allowed to use sender email addresses from the RWTH domain. An SPF record looks like this:<\/p>\n<div id=\"attachment_20570\" style=\"width: 431px\" class=\"wp-caption aligncenter\"><a href=\"https:\/\/blog.rwth-aachen.de\/itc\/files\/2024\/10\/SPF-Rekord-1.png\"><img loading=\"lazy\" decoding=\"async\" aria-describedby=\"caption-attachment-20570\" class=\"wp-image-20570 size-full\" src=\"https:\/\/blog.rwth-aachen.de\/itc\/files\/2024\/10\/SPF-Rekord-1.png\" alt=\"Image of a SPF Record\" width=\"421\" height=\"35\" srcset=\"https:\/\/blog.rwth-aachen.de\/itc\/files\/2024\/10\/SPF-Rekord-1.png 421w, https:\/\/blog.rwth-aachen.de\/itc\/files\/2024\/10\/SPF-Rekord-1-300x25.png 300w\" sizes=\"auto, (max-width: 421px) 100vw, 421px\" \/><\/a><p id=\"caption-attachment-20570\" class=\"wp-caption-text\">SPF Record<br \/>Source: Own illustration<\/p><\/div>\n<p>&nbsp;<\/p>\n<p>This DNS record can be used to configure how a receiving mail server should handle emails from a specific domain. 
For the RWTH domains, we currently ask the recipient to consult the SPF record for verification.<\/p>\n<p>However, the recipient is asked to apply the check leniently. This is indicated by \u201c~All\u201d. This means that we cannot exclude the possibility that different recipients treat our emails differently and reject or accept them, even though the sending IP address is not authorized to send emails with a sender address in the RWTH name space.<\/p>\n<p>We now want to make this policy more binding and change the ~All addition to -All. The minus in front of &#8220;All&#8221; now means that the SPF record must be checked. This way, we advise recipients to reject emails from the RWTH domain if they are sent from an unauthorized IP address. The IT Center hopes that this will improve the email reputation and email security for the employees of the RWTH mail domains in the long run.<\/p>\n<p>&nbsp;<\/p>\n<h3><span style=\"color: #00549f;\"><strong>When Will the Change Take Place?<\/strong><\/span><\/h3>\n<p>From December 5, 2024, we will evaluate our own SPF record and compare the sender&#8217;s email address with the SPF record we may have stored. If the check results in a fail or soft fail, we will reject these emails at the central mail gateway. (**)<\/p>\n<p>&nbsp;<\/p>\n<h3><span style=\"color: #00549f;\"><strong>What Are the Consequences of the Changeover?<\/strong><\/span><\/h3>\n<p>End users, i.e. students and staff who use their <em>@[&lt;institute&gt;]rwth-aachen.de<\/em> or similar address exclusively in their email client (Thunderbird, smartphone, etc.), should not notice any difference.<\/p>\n<p>If RWTH institutions operate systems that send emails, e.g. status mails, these must be configured to send the emails to <em>smarthost.rwth-aachen.de<\/em> or <em>smarthost-tls.rwth-aachen.de<\/em>. Using DNS resolution for mail delivery is strongly discouraged. This would cause the emails to be rejected by us. 
Furthermore, emails sent from external mail servers with sender addresses from the RWTH name space, e.g. from service providers, will be rejected. Please check this accordingly. If you have implemented such a scenario, please contact us.<\/p>\n<p>&nbsp;<\/p>\n<h3><span style=\"color: #00549f;\"><strong>Further Information<\/strong><\/span><\/h3>\n<p>If you want to learn more about email security, you can get a comprehensive overview in the five blog posts already published in the email security series:<\/p>\n<ul>\n<li><a href=\"https:\/\/blog.rwth-aachen.de\/itc\/en\/2022\/06\/15\/e-mail-1\/\">https:\/\/blog.rwth-aachen.de\/itc\/en\/2022\/06\/15\/e-mail-1\/<\/a><\/li>\n<li><a href=\"https:\/\/blog.rwth-aachen.de\/itc\/en\/2022\/07\/27\/e-mail-2\/\">https:\/\/blog.rwth-aachen.de\/itc\/en\/2022\/07\/27\/e-mail-2\/<\/a><\/li>\n<li><a href=\"https:\/\/blog.rwth-aachen.de\/itc\/en\/2022\/09\/07\/e-mail-3\/\">https:\/\/blog.rwth-aachen.de\/itc\/en\/2022\/09\/07\/e-mail-3\/<\/a><\/li>\n<li><a href=\"https:\/\/blog.rwth-aachen.de\/itc\/en\/2023\/08\/30\/e-mail-4\/\">https:\/\/blog.rwth-aachen.de\/itc\/en\/2023\/08\/30\/e-mail-4\/<\/a><\/li>\n<li><a href=\"https:\/\/blog.rwth-aachen.de\/itc\/en\/2024\/03\/13\/e-mail-5\/\">https:\/\/blog.rwth-aachen.de\/itc\/en\/2024\/03\/13\/e-mail-5\/<\/a><\/li>\n<\/ul>\n<p>&nbsp;<\/p>\n<hr \/>\n<p>Responsible for the content of this article is <a href=\"https:\/\/www.itc.rwth-aachen.de\/cms\/it-center\/it-center\/profil\/team\/~epvp\/mitarbeiter-campus-\/?gguid=PER-2J3BZDS&amp;allou=1&amp;lidx=1\">Thomas P\u00e4tzold<\/a>.<\/p>\n<p>(*) The chart was updated on November 27, 2024.<\/p>\n<p>(**) The chart was updated on November 27, 2024.<\/p>","protected":false},"excerpt":{"rendered":"<p>Sorry, this entry is only available in 
Deutsch.<\/p>\n","protected":false},"author":3675,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"c2c_always_allow_admin_comments":false,"footnotes":""},"categories":[306,314,315,305],"tags":[951,1273,1274,287],"class_list":["post-20563","post","type-post","status-publish","format-standard","hentry","category-ankuendigungen","category-it-sicherheit","category-services-support","category-themen","tag-e-mail-sicherheit","tag-spf-policy","tag-spf-rekord","tag-umstellung"],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/blog.rwth-aachen.de\/itc\/en\/wp-json\/wp\/v2\/posts\/20563","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/blog.rwth-aachen.de\/itc\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blog.rwth-aachen.de\/itc\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blog.rwth-aachen.de\/itc\/en\/wp-json\/wp\/v2\/users\/3675"}],"replies":[{"embeddable":true,"href":"https:\/\/blog.rwth-aachen.de\/itc\/en\/wp-json\/wp\/v2\/comments?post=20563"}],"version-history":[{"count":10,"href":"https:\/\/blog.rwth-aachen.de\/itc\/en\/wp-json\/wp\/v2\/posts\/20563\/revisions"}],"predecessor-version":[{"id":20840,"href":"https:\/\/blog.rwth-aachen.de\/itc\/en\/wp-json\/wp\/v2\/posts\/20563\/revisions\/20840"}],"wp:attachment":[{"href":"https:\/\/blog.rwth-aachen.de\/itc\/en\/wp-json\/wp\/v2\/media?parent=20563"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blog.rwth-aachen.de\/itc\/en\/wp-json\/wp\/v2\/categories?post=20563"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blog.rwth-aachen.de\/itc\/en\/wp-json\/wp\/v2\/tags?post=20563"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}