[Top] [All Lists]

Re: [ietf-smtp] Possible cont4ibution to moving forward with RFC5321bis SMTP

2019-12-26 16:37:36
On Dec 26, 2019, at 5:03 PM, Keith Moore 
<moore(_at_)network-heretics(_dot_)com> wrote:

To me it seems that all of this should be out-of-scope for 5321bis, or that 
the only mention of this in 5321bis should be to declare such things 
out-of-scope.   Requiring hop-by-hop encryption would be the most disruptive 
change in the history of SMTP, I think, far more so than EHLO.

It may well be too soon to *mandate* TLS, but we could perhaps MUST a
RECOMMENDED or a SHOULD for inter-domain relay of email.

Also SUBMIT on 587 is widely encrypted, and, for exampl, last 6 months of
Gmail's stats show north of 90% use of TLS, with a slightly more support
for TLS from client to server (inbound to Gmail) than at the server
(outbound from Gmail):;end:1577318400000;series:outbound&lu=encrypt_out&encrypt_in=start:1560988800000;end:1577318400000;series:inbound

What's sometimes left unencrypted is:

  1. Submission and relay on "internal" networks, and

  2. A diminishing, but not yet negligible fraction of
     inter-domain relay traffic.

I don't think it would be unreasonable at this point to consider
at least "RECOMMENDED", and perhaps a "SHOULD" for use of STARTTLS
for case "2".

We could perhaps even "RECOMMEND" DANE and/or MTA-STS, but adoption
is much thinner for both[1].


I see 1.73 million DANE domains, and O(500) domains with MTA-STS DNS records.

DANE presently covers 2-3 orders of magnitude more domains, while MTA-STS
likely covers 1-2 orders of magnitude more users, given the user count of
Gmail vs.,,, ...).

ietf-smtp mailing list

<Prev in Thread] Current Thread [Next in Thread>