On Sat, 2019-10-26 at 18:28 -0400, Keith Moore wrote:
> Yes but IMO we should be moving toward a world in which TLS is mandatory for
> SMTP relay. Clear guidance to implementors and operators on what TLS
> versions, cert algorithms, and ciphersuites a client and server should
> support might help us get there.
>
> (perhaps as a stepping stone, cleartext mail relay could be pessimized by
> having servers randomly return 4xx in response to MAIL sent without TLS,
> obsolete TLS, or weak ciphersuites, with the probability of such responses
> increasing over time.)

There is no big difference in the penalty between randomly returning 4xx on
MAIL and randomly returning 4xx on RCPT, and the latter is effectively mail
segmentation.

If random 4xx on MAIL as a penalty for not offering reasonable TLS will help
make things better, will random mail segmentation as a penalty for senders not
supporting PRDR convince anybody to
ietf-smtp mailing list
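The two points raised in the thread (a receiving server that randomly tempfails sessions without acceptable TLS, with the probability rising over time, and the observation that the same penalty applied per RCPT rather than at MAIL amounts to mail segmentation) can be made concrete in a small simulation. The following is an added example written for this page; it is not code from the ietf-smtp list, from any MTA, or from either poster. The TLS-version and cipher lists, the ramp dates, the `Session` type and the `run_transaction` / `is_segmented` helpers are all constructed for illustration.

```python
"""Where a TLS-policy tempfail is applied: MAIL vs RCPT.

Simulates a receiving SMTP server that answers MAIL or RCPT with a 4xx
("try again later") when the session lacks acceptable TLS, with a
probability that ramps up between two dates.  Applying the penalty once at
MAIL defers the whole message; applying it per RCPT leaves some recipients
accepted and others deferred, i.e. one message becomes several deliveries
(mail segmentation).  Everything here is hypothetical illustration code.
"""
import hashlib
from dataclasses import dataclass
from datetime import date
from typing import Callable, Dict, List, Optional

# Constructed classification tables (not taken from the thread or any standard).
OBSOLETE_TLS = {"SSLv3", "TLSv1", "TLSv1.1"}
WEAK_CIPHERS = {"RC4-SHA", "DES-CBC3-SHA", "NULL-SHA"}

# Constructed ramp: probability of a 4xx goes from 0 to 1 across these dates.
RAMP_START = date(2020, 1, 1)
RAMP_END = date(2020, 1, 11)


@dataclass(frozen=True)
class Session:
    tls_version: Optional[str]  # None means the client never issued STARTTLS
    cipher: Optional[str]


def session_grade(s: Session) -> str:
    """Classify the session as 'ok' or one of the penalised conditions."""
    if s.tls_version is None:
        return "cleartext"
    if s.tls_version in OBSOLETE_TLS:
        return "obsolete-tls"
    if s.cipher in WEAK_CIPHERS:
        return "weak-cipher"
    return "ok"


def penalty_probability(grade: str, today: date, ramp_start: date, ramp_end: date) -> float:
    """Probability of a 4xx: 0 for acceptable TLS, otherwise a linear ramp
    from 0 at ramp_start to 1 at ramp_end (the 'increasing over time' idea)."""
    if grade == "ok" or today <= ramp_start:
        return 0.0
    if today >= ramp_end:
        return 1.0
    return (today - ramp_start).days / (ramp_end - ramp_start).days


def hash_draw(key: str) -> float:
    """Deterministic pseudo-random value in [0, 1) derived from a transaction
    key, so an operator can reproduce a logged decision; a real MTA could use
    its own RNG instead."""
    digest = hashlib.sha256(key.encode("utf-8")).digest()
    return int.from_bytes(digest[:8], "big") / 2 ** 64


def run_transaction(
    session: Session,
    sender: str,
    rcpts: List[str],
    penalty_stage: str,  # "MAIL" or "RCPT"
    today: date,
    ramp_start: date,
    ramp_end: date,
    draw: Callable[[str], float] = hash_draw,
) -> Dict[str, str]:
    """Simulate the MAIL/RCPT phase and return each recipient's reply code."""
    p = penalty_probability(session_grade(session), today, ramp_start, ramp_end)
    if penalty_stage == "MAIL":
        # One draw for the whole message: either every recipient is deferred
        # (the client retries the entire message later) or none is.
        code = "450" if draw(f"MAIL:{sender}") < p else "250"
        return {r: code for r in rcpts}
    if penalty_stage == "RCPT":
        # Independent draw per recipient: the client delivers to the 250s now
        # and re-queues the 450s, so one message becomes several deliveries.
        return {
            r: ("450" if draw(f"RCPT:{sender}:{r}") < p else "250")
            for r in rcpts
        }
    raise ValueError(f"unknown penalty stage {penalty_stage!r}")


def is_segmented(results: Dict[str, str]) -> bool:
    """True when one message got a mix of accepted and deferred recipients."""
    return len(set(results.values())) > 1


if __name__ == "__main__":
    # Constructed demo: a cleartext session, halfway through the ramp.
    clear = Session(tls_version=None, cipher=None)
    rcpts = ["alice@example.org", "bob@example.org", "carol@example.org"]
    for stage in ("MAIL", "RCPT"):
        res = run_transaction(clear, "s@example.com", rcpts, stage,
                              date(2020, 1, 6), RAMP_START, RAMP_END)
        print(stage, res, "segmented" if is_segmented(res) else "whole message")
```

The `draw` parameter is injectable so the outcome can be pinned in a test; in the default configuration the decision is keyed on the sender (MAIL stage) or sender plus recipient (RCPT stage), which is exactly the difference the reply points at: a per-recipient key is what turns a deferral into segmentation.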