View Single Post
Old Apr 17, 19, 11:41 am
  #4  
ph-ndr
 
Join Date: Dec 2002
Programs: QR Plat
Posts: 2,158
The configuration is technically valid as it is. The configuration is not a good posture for a company that is very customer facing. By using ~all they tell us "we haven't got enough control of this" and "we are not giving this issue enough priority and that the majority of the downside here it carried by the customer and not us". That is not a good message to send. If this has been the posture of a company where most of the customers were other professional entities (imagine a producer of a product whose customers were other companies) then it would be a more fair game. End users are mostly in a poor position to deal with these kind of issues.

Also, combined with no published CAA record then you open up more abuse for the phishing emails to mimic their own marketing emails.

-A
ph-ndr is offline