I’d post a notice on your website and social media pages, wait 1-2 weeks, and 
just do it.  Most ISPs did this many years ago, hard to believe you still have 
it open and that any significant number of customers are doing mail that way.


The only customers who should need that are business customers with their own 
mailserver on premise rather than in the cloud.  You could snailmail a notice 
to your business customers, assuming that’s a small subset of your total 
customers, and also that postal mail will work with them.


I’m not sure I’d impose an SPF requirement.  If a business customer says they 
have an onsite mailserver, they can opt out of port 25 blocking, how they 
configure their mailserver and DNS is up to them unless there is an incident.  
All of our business customers (by which I mean they are on a commercial plan) 
have a static IP address, so they are easy to track down.  If someone wants 
port 25 unblocked on a residential account, sorry, not available on the plan 
you’re on.



From: Af [mailto:af-boun...@afmug.com] On Behalf Of That One Guy /sarcasm
Sent: Friday, October 14, 2016 12:21 PM
To: af@afmug.com
Subject: Re: [AFMUG] communicating with customers without untraining them


thats what i did


its the communication with them thats in question


if we initiate it in any way, we pretty much un train them no matter what


On Fri, Oct 14, 2016 at 12:18 PM, Cassidy B. Larson <c...@infowest.com 
<mailto:c...@infowest.com> > wrote:

Can’t you watch for outbound netflow data for remote port 25’s from your 
customers you’re going to drop port 25 on?

Then proactively call/email them saying it’s going away.


Or if you want to keep up with the antiphishing then tell them to contact you 
back at the known good number/email they have for you or is published on your 



On Oct 14, 2016, at 11:13 AM, That One Guy /sarcasm <thatoneguyst...@gmail.com 
<mailto:thatoneguyst...@gmail.com> > wrote:


I think this has been discussed in the past.


As part of our overall security implementation we will be dropping outbound 
port 25 for non business customers and business customers dont have an email 
rserver on record with an appropriately configured SPF record.


I know which customers havent gotten with the times. The problem is how best to 
communicate with them. I am thinking its best to just drop it for a few hours 
at a time to drive support calls from those who notice it during that window 
periodically until we implement it permanently to limit a flood of support 
calls all at once. And maybe a notice on our website of what is going on.


The issue I have is if we reach out in any way, directly, we circumvent all the 
antiphishing propaganda. If we email, then spoofed emails are trusted, if we 
email with a link, then they start trusting spoofed emails with links, same 
with our telephone number. If we reach out directly via telephone, well then 
they start paying IRS fines to John from india.


anybody else implemented this and handled it responsibly?



If you only see yourself as part of the team but you don't see your team as 
part of yourself you have already failed as part of the team.




If you only see yourself as part of the team but you don't see your team as 
part of yourself you have already failed as part of the team.

Reply via email to