In article <20200101193816(_dot_)GP73491(_at_)straasha(_dot_)imrryr(_dot_)org>
More broadly there's a widespread misconception that isolated networks
are not subject to security threats or that perimeter defenses are
sufficient to protect them, even when such networks are used to manage
critical infrastructure or equipment that can create hazards if not
It is not always a misconception, rather it can be a realistic
assessment that the cost of managing authentication may not be worth the
effort, and the barriers to get it working on specialized appliances are
More than that, more complex authentication doesn't solve the problem,
since compromised devices can send authenticated spam.
If you're concerned about threats to and from IoT devices,
isn't that more what MUD addresses?
ietf-smtp mailing list