From: ietf1(_at_)ietf(_dot_)org
Reply-to: karn(_at_)qualcomm(_dot_)com
"ietf1(_at_)ietf(_dot_)org"?
I've been meaning to ask about that. If the goal is to avoid
Microsoft out-of-office noise and other hassles, wouldn't
nobody(_at_)qualcomm(_dot_)com or some other obvious bit bucket be better?
...
I actually encountered an ISP that does this. ...
Hasn't AOL been running SMTP redirection proxies for their IP customers
for years?
25 and redirecting them to their own mailservers. They didn't support
STARTTLS, and even if they did there is no reason I should trust them.
It did teach me the importance of protecting against the
man-in-the-middle attack. This is not often done, at least not by
default, in many STARTTLS implementations.
Which STARTTLS are those that cannot be told to check certificates?
By default sendmail only says "verify=FAIL" in the received header when
the authentication part fails, but I think I recall a sendmail.cf
switch that says "refuse mail without a good certificate."
Vernon Schryver vjs(_at_)rhyolite(_dot_)com