I'm in the review loop for a new security standard (among many) dealing with SMTP, at the edge of a large enterprise. Apart from the obvious (use encryption, stupid) it doesn't say that much. SPF is specifically there, and I was able to add a few caveats about SMTP AUTH getting co-opted by spambots (hence needing rate- and resource-limiting as well as antispam scanning); and it already mentioned not letting sender addresses leak out with other than the company's own domain name. I raised a question about whether to permit subdomains.
What other good ideas do people have for such a thing, in this day and age? I worked for an email vendor for so long, I think I'm too far out of the operational loop.
