27 Aug
2024
27 Aug
'24
6:35 a.m.
For your own servers, I'd recomment checking once an hour, if not more often. Some (legitimate) senders have fairly short queue lifetimes, and some are aggressive (silly) enough to bounce mail as soon as TLS authentication fails, without waiting for the issue to be resolved.
Of course the domain in question may not carry sufficiently "important" traffic to warrant prompt detection/notification, but as a default, I'd recommend checking hourly rather than daily.
i hadn't expected _that_ frequent -- tho makes sense. i've historically run checks 1/day+ ...
easy enough to do.
Also set your TLSA RR TTLs to at most an hour.
+1
o/