We have been using Spam filtering services from Postini for years and haven't had any issues.
We have moved to using SpamSoap, and as well have not had any issues until just recently. They are asking me to lock down the relay connector so that it cannot send as non-authoritative domains
They have told me that locking the firewall and the receive connector itself by IP blocks is not good enough in case they are ever compromised.
I cannot find a way to disable the ability to send as any domain by the IP addresses that are allowed to receive on this connector, ultimately becoming an OpenRelay like SpamSoap is asking for.
Can anyone shed some light on this?