I think this has been discussed in the past.

As part of our overall security implementation we will be dropping outbound
port 25 for non business customers and business customers dont have an
email rserver on record with an appropriately configured SPF record.

I know which customers havent gotten with the times. The problem is how
best to communicate with them. I am thinking its best to just drop it for a
few hours at a time to drive support calls from those who notice it during
that window periodically until we implement it permanently to limit a flood
of support calls all at once. And maybe a notice on our website of what is
going on.

The issue I have is if we reach out in any way, directly, we circumvent all
the antiphishing propaganda. If we email, then spoofed emails are trusted,
if we email with a link, then they start trusting spoofed emails with
links, same with our telephone number. If we reach out directly via
telephone, well then they start paying IRS fines to John from india.

anybody else implemented this and handled it responsibly?

If you only see yourself as part of the team but you don't see your team as
part of yourself you have already failed as part of the team.

Reply via email to