On Wed, Jul 20, 2011 at 2:53 AM, Tony Godshall <t...@of.net> wrote: > Any downside to letting your adversary know what domains you are > emailing to? Well, the mice probably don't want the octopus know that > they are emailing via @octopusnotsogreat.org? But then again SMTP > itself is not encrypted either...
There is an opportunistic SSL-based encryption option for SMTP. http://tools.ietf.org/html/rfc3207 Any two servers with that set up will automatically encrypt all mail transfers. If the Box runs a mail server, I'd say enabling that is a no-brainer. The only question is whether, when the other server does not support it, the Box should proceed with unencrypted transfer, or bounce the mail back to the user with some "cannot send securely" message, or try some alternate routing method. There's also "Using TLS with IMAP, POP3 and ACAP" http://tools.ietf.org/html/rfc2595 That covers the client-to-server transfer of mail. If the Box runs a mail server, that's another obvious requirement. _______________________________________________ Freedombox-discuss mailing list Freedombox-discuss@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/freedombox-discuss