How many of you are using SPF or DKIM to advertise your sending mail severs? For those who use any (or both), I'm interested in your experiences with it in general and more specific: the problems/challenges you faced during the implementation of it. One of the problems I see for us is the fact that we do not know what ISP's send legitimate mail using our domains. If we miss an ISP that hosts a application for us and sends mail from the app, what will be the impact? Are there solutions to minimize the impact?
We use both and so far the experience has only been positive. We had an issue with DKIM where the record was too long for a DNS implementation, but got around that.
My advice is that if there are outside hosted apps sending email purporting to come from your domain, then they should be configured to authenticate and send through a server you are in control of (a smart host if you will). Basically the same situation as a traveling laptop user, only it doesn't travel. If you can't do that, just find out what the IP is of the machine hosting the app and add it to your SPF record of authorized senders.
Table of ContentsIntroductionVersion HistoryPossible Future
UpdatesDocuments PurposeNAT Operation in ASA 8.3+ SectionsRule Types
Network Object NATTwice NAT / Manual NATRule Types used per SectionNAT
Types used with Twice NAT / Manual NAT and Network Obje...
[toc:faq]Introduction:This document describes details on how NAT-T
works.Background:ESP encrypts all critical information, encapsulating
the entire inner TCP/UDP datagram within an ESP header. ESP is an IP
protocol in the same sense that TCP and UDP are I...