On 7/25/2017 8:14 AM, Vladimir Dubrovin via mailop wrote:
> STARTTLS is opportunistic and doesn't protect against active Man-in-the-Middle. In case of TLS problems it falls back to plain text.
Interestingly, that's not always the case now. We typoed the cert on one of our list servers earlier this year, and discovered that Google outbound SMTP will not downgrade from TLS to plain text. If you offer STARTTLS and then break the handshake, they bounce the mail. I presume that it's a protection against downgrade attacks, but that's just a guess.
--Ted