Incoming SMTP in the year 2017 and absence of DKIM

Chuck Anderson cra at WPI.EDU
Wed Nov 29 20:38:29 CST 2017


On Wed, Nov 29, 2017 at 12:17:57PM -0800, Michael Thomas wrote:
> The real problem with large enterprise that we found, however, is
> that it was really hard to track down every 25 year
> old 386 sitting in dusty corners that was sending mail directly
> instead of through corpro servers to make certain
> that everything was signed that should be signed. Maybe that's
> gotten better in the last 15 years, but I'm not too hopeful.

15 years ago we blocked outbound port 25 except from our campus mail
servers.  That should be SOP by now.  It is fairly easy to look at
firewall logs to find these.


More information about the NANOG mailing list