Email Administrator Best Practices: Page 2
Many small and mid-sized companies rely on turn-key and hosted solutions for critical systems like email, but there are still plenty of IT managers who took on the task of building and operating their own infrastructures as cost-saving measures. As a result, there are plenty of people whose job description includes email systems administrator who have never seen, much less edited, a raw configuration file on a Unix-based email server.
Luckily for those of us who took on sysadmin duties as a hobby, the default configurations for many systems proved good enough to get mail flowing relatively reliably, even if all the Ts aren't crossed and Is aren't dotted. Such was the legacy of that old adage in email circles: "Be conservative in what you send and liberal in what you accept."
But as more and more ISPs and corporations tighten their approaches to fighting abuses like spam and phishing, the leeway that once allowed the default configuration of a cobbled-together hobbyist's Linux box to work is rapidly disappearing.
Spammers and phishers have been abusing the openness of email systems for more than a decade, relying on the fact that even badly configured systems can get mail delivered. As a result, redefining loose standards as security risks means it is going to be increasingly difficult for mail to just work in the way it used to.
This message was brought home to me a few years ago when a pal helped me tweak the anti-spam settings on my own email server. With just a few configuration changes, I was able to avoid processing a surprisingly large amount of spam just by tightening the restriction on what kinds of From: lines and other mail delivery handshake features were deemed acceptable.
Of course, I also quickly found that a few of my regular email correspondents could no longer reach me either. That's when I began to realize just how many sites, even some run by highly skilled admins, were and are still relying upon the kindness of strangers to get their email delivered.
Unfortunately, in this age of massive messaging abuse, kindness is in short supply because being too permissive in your email policies means exposing your network to increasing amounts of trouble.
Having done my share of spam-related consulting over the years, I find the scenario that ends in an overhaul of an email infrastructure familiar. It starts with vague complaints from frustrated users about the occasional missing email, and it may take weeks or months before patterns begin to emerge in what had been dismissed as transient glitches and user error.