For over 25 years OIT has provided a mail relay service to any campus unit that needed one. Until recently, this has served NC State well, but we are finding that our ability to provide a reliable service has been deteriorating at an alarming rate. This is primarily because our “mail reputation” for the mail relay service, an opaque metric used by mail providers to judge our likelihood to send out good mail, has fallen from superior to mediocre, and continues to decline. Today, units that make use of our relay service often find that messages delivered through the relays will acquire a higher spam score than messages delivered without it.
We are also seeing an unprecedented number of compromised accounts on our campus due to phishing. One of our few effective mitigations is the implementation of the SPF and DKIM protocols for our mail environment. These protocols would provide significant protection to our users from phishing, while also improving our global mail reputation. Unfortunately, it will be impossible to enable these protocols without making wholesale changes to the mail infrastructure, as they simply will not work for our environment as it is currently configured.
Recommendations for changes to our email infrastructure
The GST recommends that our customers use, where possible, one of the two mail relay services provided by Google. Customers unable to use Google’s mail relays would use either Google Groups, the Majordomo list service, or Bronto. We would retire the mail relay service, as its functionality would be replaced by Google.
We believe that shifting to Google’s relays would provide for the vast majority of our customers’ needs. The GST would meet with the remaining customers to see if we can find a comparable way to enable their business, or perhaps provide an alternative to email.
This move would provide our campus with two very large benefits:
- We are positioned to enable SPF and DKIM for our domain. Google strongly encourages us to enable these protocols to help with phishing and spam. The GST believes it will cut down on spam significantly.
- All customers would have an individual relationship with Google. Currently, any service outage for the mail relay service–whether through hardware failure or troublesome behavior by a customer–will cause an outage for all who use the service. In the new infrastructure, any service outage would be limited to those that caused it.
Flow chart and matrix of options
We have prepared a flow chart and a comparable matrix of options that help explain the recommended changes. You’ll notice we organize mailings by the number of messages sent in a 24-hour period. Some of these numbers are limits set by Google, but for the most part they are intended as rough guidelines for the customer. Both quantity and message rate are important: for example, a server that is very busy for a smaller portion of the day should be considered for a larger overall number per day because of its message rate.
Finally, as with any solution, there may be a unit or two with certain processes or older machines that we will not be able to support. The GST is committed to working with the customer to see if we can find a suitable option, but ultimately it will be up to that mail source to determine their next steps.
- Presentation to CITD – June 2017 (NCSU Restricted)