Peter J. Holzer wrote:
On 2007-05-01 22:58:12 -0400, David F. Skoll wrote:
Yep. We can't "outlaw" this practice in the RFC, of course, but I think
that this service isn't very useful any more. If you are doing any
serious anti-spam filtering you really want the same filter rules on all
your MXs. You especially don't want an "accept everything" policy on the
lowest-priority MX because spammers do expect and exploit that.
(Hmm, is that another recommendation that should go into the RFC if it
isn't already there? "If there are multiple MX for a domain, they
SHOULD implement the same policy for accepting or rejecting mail. In
particular, a lower priority MX should not accept mail that a higher
priority MX rejects")
Good point, that is what I meant when I wrote in my msg to David S.,
"The central idea is authorized integration of heterogeneous
systems so that they all look like one network."
We ran into this issue a number of times with customers when we first
introduced our strong Email AVS system. They had to decide one way or
another how to best combine them (or not). Many were using these
secondary MX AVS services. Many were using appliance boxes such as
Barracuda and others, etc.
The initial issue was mainly "What Comes First?"
For some if they used their existing service or box as the first MX,
then routed/forwarded to their new SMTP server, they couldn't use some
of its features, such as SPF. For others, an "Valid Email Address"
export tool help them for their service or box. Over time, some
actually dumped their external service/box.
So yes, I do see a possible statement regarding:
"persistent SMTP behavior in multiple MX environments."
However, I think you will find some who may advocate the preference=0
idea or "First MX" as a "greylist concept." Isn't there an RFC or I-D
that proposes this Preference=0 method?
--
HLS