North American Network Operators Group Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical Re: ingress SMTP
[email protected] wrote: ----- Original Message ----- I don't have any experience in ISP or university environments, but when we were trying to get DKIM running at Cisco, we thought that it would be a whole lot better idea to at least have an idea who was sending the mail if we were going to sign it as being ours. This proved to be quite a bit more problematic than we imagined, owing partly to getting the responsible group to want to take ownership to make the change (we worked closely with them, and they were receptive), but much more of not knowing what we didn't know were we to require smtp auth on submission or anywhere else for that matter. This may speak more to the way that the big old franken-company's parts were put together, but I suspect that it's probably a pretty common problem for any sort of company that's, oh say, grown fast, or has lots of things going on, or where one hand doesn't know what the other is doing :) This is pretty much similar to DKIM itself: it's pretty easy to get the bulk of your traffic doing the right thing, but it's pretty hard to get the outliers brought in line such that you can make a strong policy statement in the case of DKIM (cf draft-ietf-dkim-asp) or rejecting unauthenticated traffic via 587, or whatever else. Mike
|