-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
In message
<1c1856a5-ae46-48a0-84cd-66eafb543fa9(_at_)gulbrandsen(_dot_)priv(_dot_)no>,
Arnt Gulbrandsen <arnt(_at_)gulbrandsen(_dot_)priv(_dot_)no> writes
On Sunday 4 October 2020 11:49:29 CEST, Keith Moore wrote:
Please cite these "well established anti-abuse metrics" because
they should not be accepted as valid without question.
Actually, a significant set of email senders do question and do not accept
them, so you're in a lot of company here, even if it may not be very good
company ;)
"metrics" means measurement -- it's more heuristics as to how you should
configure and run your system. About 7 years ago I helped put together
a consensus view of what these heuristics might be for production
systems (ie ones where you really cared whether they worked).
It never got published, not least because the first few pieces of
excellent advice were not seen as something that it was desirable by the
potential publisher to endorse.
That doesn't in my view (and those who helped compile the list) stop
this from being excellent advice -- it's kind of a clue test, if you
cannot obtain an IPv4 address then you probably should not be sending
email at scale. One day that will change, and standards writers may wish
to look into the far future so will not include short-term
considerations in their output. For the next few years however:
* Use a static IPv4 address for your email system
* Do not share this IPv4 address with user machines
* Do not host your email system ‘in the cloud’
* Make sure that your IP address is not listed in the PBL
* Provide an MX record
* Provide meaningful and consistent reverse DNS
* Your system should say HELO (or EHLO) with its hostname
* Keep your software completely up-to-date
* Use a submit port with effective authentication or strict
IP access controls
* Limit outgoing email volumes
* Accept reports of problems with your systems
* Review the mail system logs on a regular basis
* Ensure your system is highly reliable
* Don’t create backscatter
* Maintain a good reputation
- --
richard Richard Clayton
Those who would give up essential Liberty, to purchase a little temporary
Safety, deserve neither Liberty nor Safety. Benjamin Franklin 11 Nov 1755
-----BEGIN PGP SIGNATURE-----
Version: PGPsdk version 1.7.1
iQA/AwUBX3oLzd2nQQHFxEViEQLbwwCg+ue1rLkX4KkwHV8L58AmNAf8NsoAoOVQ
RIR0X//CXCtR5JzyBf2fcwpu
=ydt6
-----END PGP SIGNATURE-----
_______________________________________________
ietf-smtp mailing list
ietf-smtp(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/ietf-smtp