[tech] [wheel] UCC SPF\DKIM records

Matt Johnston matt at ucc.asn.au
Sat Feb 3 10:08:25 AWST 2024


Hi Steven,

The DKIM record is still used and correct, headers of email sent from 
UCC are signed with that key.
Without it the email deliverability decreases significantly (ends up in 
recipient spam folders instead).
https://www.cloudflare.com/en-gb/learning/email-security/dmarc-dkim-spf/

The SPF record for 130.95.0.0/16 covers the current sending address 
(130.95.13.30), though could now be limited to just .13/24. We can 
remove the ironports, thanks for the reminder.
(We set it to the entirety of UWA at one point because outbound 
mailservers were being changed without any notification, so didn't want 
to get caught out).
The 203.27.114.0/23 is enabled to allow sending mail from off-site UCC 
servers that use .ucc.asn.au subdomains too.
I think smtp-engine.com was an experiment with a 3rd party outbound 
provider, that can be removed. We'll get that done.

Cheers,
Matt


On 2024-02-01 9:48 am, Steven Lim wrote:
> Hi James et al
> 
> We're just reviewing DNS records related to SPF\DKIM. We note that the
> UCC have some records in place and we're after additional information.
> The records in question are as follows:
> 
> Domain			Type	Usage	Record					Value
> Ucc.asn.au		TXT	DKIM	ucc-2016-3._domainkey.ucc.asn.au.	v=DKIM1; k=rsa; t=y;
> p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC5fGQBeHII4Slf0iIguwwuLcbWmHv0JaNyUgubDIevYXpaZQdd5WrBO8sQcTezxbKlovMQFK1T5S1Z4tToWr7+Q6w3enVHkAFyT6qYSONzi4pcK3HKhG2DHwIaFm6csyjDQg0tk7dHgAqdjgQitPn84dbrbAGjJ24mxipdDNsoVQIDAQAB
> 
> Ucc.gu.uwa.edu.au	TXT	DKIM	ucc-2016-3._domainkey.ucc.gu.uwa.edu.au.	v=DKIM1; k=rsa; t=y;
> p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC5fGQBeHII4Slf0iIguwwuLcbWmHv0JaNyUgubDIevYXpaZQdd5WrBO8sQcTezxbKlovMQFK1T5S1Z4tToWr7+Q6w3enVHkAFyT6qYSONzi4pcK3HKhG2DHwIaFm6csyjDQg0tk7dHgAqdjgQitPn84dbrbAGjJ24mxipdDNsoVQIDAQAB
> 
> Ucc.guild.uwa.edu.au	TXT	DKIM	ucc-2016-3._domainkey.guild.uwa.edu.au.	v=DKIM1; k=rsa; t=y;
> p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC5fGQBeHII4Slf0iIguwwuLcbWmHv0JaNyUgubDIevYXpaZQdd5WrBO8sQcTezxbKlovMQFK1T5S1Z4tToWr7+Q6w3enVHkAFyT6qYSONzi4pcK3HKhG2DHwIaFm6csyjDQg0tk7dHgAqdjgQitPn84dbrbAGjJ24mxipdDNsoVQIDAQAB
> 
> Each of the domains also has the following SPF record:
> 
> v=spf1 ip4:203.27.114.0/23 ip4:130.95.0.0/16 ip4:139.138.31.0/24
> ip4:139.138.42.0/24 include:spf.smtp-engine.com
> include:spf.forwardemail.net ~all
> 
> Could you please advise:
> 1. What is the DKIM record ucc-2016-3._domainkey used for? Is it still 
> required?
> 2. What are the following SPF records required for and are they still 
> required?
> 	a. ip4:203.27.114.0/23, appears to be your entire network
> 	b. ip4:130.95.0.0/16, the entire UWA network
> 	c. ip4:139.138.31.0/24 ip4:139.138.42.0/24 UWA IronPorts, soon to be
> phased out. The first record has already been decommissioned
> 	d. include:spf.smtp-engine.com, Unknown
> 
> If you could get back to me asap.
> 
> ta
> --
> Steven Lim
> Manager System Administration
> University IT   .  B658 R206, M463, Perth WA 6009 Australia
> P +61 8 6488 2970  M +61 4 3856 1173  .  E steven.lim at uwa.edu.au (inc 
> Teams)
> C https://uwa.zoom.us/my/stevenjlim
> 
>     
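
The SPF clean-up discussed in this thread, as an added example (not code from either correspondent or from UCC): it parses the quoted record, confirms which ip4 term authorises the current sender, and builds the reduced record while refusing any change that would stop 130.95.13.30 from matching. Reading ".13/24" as 130.95.13.0/24 is an assumption, and include: targets are not resolved because the example runs offline.

```python
import ipaddress

# SPF record as quoted in the thread, with the wrapped lines rejoined.
CURRENT_SPF = ("v=spf1 ip4:203.27.114.0/23 ip4:130.95.0.0/16 ip4:139.138.31.0/24 "
               "ip4:139.138.42.0/24 include:spf.smtp-engine.com "
               "include:spf.forwardemail.net ~all")
SENDER = "130.95.13.30"  # current sending address named in the reply

def parse_spf(record):
    """Split an SPF record into (qualifier, mechanism, value) tuples."""
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        raise ValueError("not an SPF version 1 record")
    parsed = []
    for term in terms[1:]:
        qualifier, body = (term[0], term[1:]) if term[0] in "+-~?" else ("+", term)
        mechanism, _, value = body.partition(":")
        parsed.append((qualifier, mechanism.lower(), value))
    return parsed

def ip4_networks(record):
    """ip4 ranges listed directly in the record; include: targets need DNS and are skipped."""
    return [ipaddress.ip_network(v, strict=False)
            for _, m, v in parse_spf(record) if m == "ip4"]

def ip4_matches(record, ip):
    """Return the ip4 ranges in the record that authorise ip."""
    addr = ipaddress.ip_address(ip)
    return [str(net) for net in ip4_networks(record) if addr in net]

def ip4_address_count(record):
    """Total addresses authorised by ip4 terms, a rough measure of exposure."""
    return sum(net.num_addresses for net in ip4_networks(record))

def tighten(record, drop, narrow, must_cover):
    """Drop terms, narrow ranges, and refuse the result if must_cover would fail."""
    kept = [narrow.get(t, t) for t in record.split()[1:] if t not in drop]
    result = " ".join(["v=spf1"] + kept)
    if not ip4_matches(result, must_cover):
        raise ValueError(f"{must_cover} would no longer match an ip4 term")
    return result

PROPOSED_SPF = tighten(
    CURRENT_SPF,
    drop={"ip4:139.138.31.0/24", "ip4:139.138.42.0/24", "include:spf.smtp-engine.com"},
    narrow={"ip4:130.95.0.0/16": "ip4:130.95.13.0/24"},  # assumed reading of ".13/24"
    must_cover=SENDER,
)

if __name__ == "__main__":
    print(PROPOSED_SPF)
    print(ip4_address_count(CURRENT_SPF), "->", ip4_address_count(PROPOSED_SPF))
```
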

