ietf-smtp

Re: RFC 3207 STARTTLS

2008-10-27 12:56:19

On Mon, 27 Oct 2008, Carl S. Gutekunst wrote:

> FWIW, I've actually measured that. Each of Postini's outbound SMTP
> relays connects to roughly 30,000 domains per day that claim TLS
> support. Of those, about 50% use self-signed certs. (Certain "demo"
> certs come up over and over.) Another 35% are CA signed, but contain
> errors, like incomplete chains or expired certs. Of the 15% where the
> certificate chain is valid, half don't match the MX name. So -- only 7%
> to 8% of all MX domains that implement TLS do so correctly. Note that
> Postini's outbound service is heavily biased towards B-to-B.

A useful survey, thanks. Did you check certificates against both the
hostname and the mail domain?

Tony.
-- 
f.anthony.n.finch  <dot(_at_)dotat(_dot_)at>  http://dotat.at/
FITZROY: NORTH OR NORTHWEST 5 TO 7, PERHAPS GALE 8 LATER. ROUGH OR VERY ROUGH.
RAIN OR SQUALLY SHOWERS. MODERATE OR GOOD.
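
The distinction raised in the reply above, as an added example that is not part of the original message: a certificate can match the MX hostname, the mail domain, both, or neither, and which reference name is checked decides the bucket a server lands in. The records, the field names and the `self_signed`/`chain_ok` flags are constructed assumptions (chain validation is taken as done elsewhere); the wildcard rule follows RFC 6125.

```python
from collections import Counter

def dns_name_matches(pattern: str, name: str) -> bool:
    """Match a certificate dNSName against a reference name (RFC 6125 style).
    A wildcard counts only as the entire left-most label, covers exactly one
    label, and must be followed by at least two fixed labels."""
    p = pattern.lower().rstrip(".").split(".")
    n = name.lower().rstrip(".").split(".")
    if len(p) != len(n) or "" in n:
        return False
    if p[0] == "*":
        return len(p) >= 3 and p[1:] == n[1:]
    return p == n

def classify(obs: dict) -> str:
    """Place one observation in a survey bucket. self_signed and chain_ok are
    assumed inputs from a separate path validator (hypothetical field names)."""
    if obs["self_signed"]:
        return "self-signed"
    if not obs["chain_ok"]:
        return "chain-error"
    refs = (("mx-host", obs["mx_host"]), ("mail-domain", obs["mail_domain"]))
    matched = [kind for kind, ref in refs
               if any(dns_name_matches(san, ref) for san in obs["san_dns"])]
    return "ok:" + "+".join(matched) if matched else "name-mismatch"

def rec(domain, mx, sans, self_signed=False, chain_ok=True):
    """Build one constructed observation record."""
    return {"mail_domain": domain, "mx_host": mx, "san_dns": sans,
            "self_signed": self_signed, "chain_ok": chain_ok}

# Constructed observations (reserved example names), not survey data.
OBSERVATIONS = [
    rec("example.com", "mx1.example.com", ["localhost"], self_signed=True, chain_ok=False),
    rec("example.org", "mail.example.org", ["mail.example.org"], chain_ok=False),
    rec("example.org", "mail.example.org", ["www.example.org"]),
    rec("example.com", "mx1.example.com", ["*.example.com"]),
    rec("example.net", "mx.hosting.example", ["example.net"]),
    rec("example.net", "example.net", ["example.net"]),
]

def tally(observations):
    """Count observations per bucket."""
    return Counter(classify(o) for o in observations)

if __name__ == "__main__":
    for bucket, count in sorted(tally(OBSERVATIONS).items()):
        print(f"{bucket:22} {count}")
```
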
