Brandon,

Thank you for your efforts.

Kirk

From: Brandon Long [mailto:bl...@google.com]
Sent: Thursday, March 31, 2016 9:10 PM
To: Franck Martin <fmar...@linkedin.com>
Cc: Kirk MacDonald <kirk.macdon...@corp.eastlink.ca>; mailop@mailop.org
Subject: Re: [mailop] Gmail red open padlock composing message

I've pinged the team to see what the update is, but my guess is it's a daily log processing job, so we have to actually send you mail to validate it. Looks like you enabled it between 5-6am PDT, not sure what their cut-off is for percentage success or what, so it might be two days for your traffic to reach the tls ratio threshold.

Brandon

On Thu, Mar 31, 2016 at 12:06 PM, Franck Martin via mailop <mailop@mailop.org> wrote:

I wanted to add, make sure you have compatible ciphers, you may have enabled STARTTLS but if you cannot negotiate a cypher, then the point is moot ;)

A packet capture when STARTTLS is initiated will tell you what ciphers are offered and which one is negotiated.

On Thu, Mar 31, 2016 at 12:03 PM, Franck Martin <fmar...@linkedin.com> wrote:

I guess, once they have positive data on your domain, they should update the icon:
https://www.google.com/transparencyreport/saferemail/#search=eastlink.ca

On Thu, Mar 31, 2016 at 9:38 AM, Kirk MacDonald <kirk.macdon...@corp.eastlink.ca> wrote:

With thanks to Google for pushing the cause, I implemented STARTTLS functionality on my org’s MX (as well as outbound SMTP with opportunistic STARTTLS).

Does anyone have any insight into how long it might take Gmail to acknowledge the STARTTLS availability when composing a new message to a domain at my org, and consequently not show the red unlocked padlock in the compose message UI?

I am assuming that for “known” domains Gmail caches results for STARTTLS availability, rather than testing each time a message is composed. The TTL in DNS for the MX record of the domain(s) has long since passed.

My own personal testing seems to indicate I didn’t do anything terribly stupid when implementing STARTTLS at the MX.

Kirk MacDonald
System Administrator
Internet
Eastlink
_______________________________________________
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop