From: Valdis(_dot_)Kletnieks(_at_)vt(_dot_)edu
...
(And yes, I have a listserv box that cranks about 500K msgs/day, and it will
do SSL with a self-signed cert if the other end says STARTTLS. Not many
sites do.)
I think I'e seen sendmail Received headers saying the SMTP clients of some
spammers agree to STARTTLS when sending to my SMTP server.
I've no idea if they're using self-signed or commercial certs.
In this case, I'm talking about "whack-a-mole" spammers instead of
big outfits that are senders of unsolicted bulk mail and that might be
expected to use commercial certs such as Verisign.
Please consider the implications if they are using commercial certs.
Please note there is no reason except cost that they aren't using
commercial certs.
Vernon Schryver vjs(_at_)rhyolite(_dot_)com
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg