I wanted to add, make sure you have compatible ciphers, you may have enabled STARTTLS but if you cannot negotiate a cypher, then the point is moot ;)
A packet capture when STARTTLS is initiated will tell you what ciphers are offered and which one is negotiated. On Thu, Mar 31, 2016 at 12:03 PM, Franck Martin <fmar...@linkedin.com> wrote: > I guess, once they have positive data on your domain, they should update > the icon: > https://www.google.com/transparencyreport/saferemail/#search=eastlink.ca > > On Thu, Mar 31, 2016 at 9:38 AM, Kirk MacDonald < > kirk.macdon...@corp.eastlink.ca> wrote: > >> With thanks to Google for pushing the cause, I implemented STARTTLS >> functionality on my org’s MX (as well as outbound SMTP with opportunistic >> STARTTLS). >> >> >> >> Does anyone have any insight into how long it might take Gmail to >> acknowledge the STARTTLS availability when composing a new message to a >> domain at my org, and consequently not show the red unlocked padlock in the >> compose message UI? >> >> >> >> I am assuming that for “known” domains Gmail caches results for STARTTLS >> availability, rather than testing each time a message is composed. The TTL >> in DNS for the MX record of the domain(s) has long since passed. My own >> personal testing seems to indicate I didn’t do anything terribly stupid >> when implementing STARTTLS at the MX. >> >> >> >> >> >> *Kirk MacDonald System Administrator* >> Internet >> Eastlink >> >> >> >> _______________________________________________ >> mailop mailing list >> mailop@mailop.org >> https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop >> >> >
_______________________________________________ mailop mailing list mailop@mailop.org https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
