On Tue, 2018-05-22 at 10:47 -0400, Al Iverson wrote: > Are folks disabling TLS1.0 support in SMTP? Our security team has > asked, but I'm a bit concerned about potential failure cases when > trying to deliver mail to smaller corporate sites that might be doing > stuff like requiring TLS but supporting 1.0 only....is that really > much of a concern?
That is a bad idea. There are still enough places using it that blocking it will just introduce problems, including as Steve mentioned, unnecessary unencrypted mailstreams. A grep just told me that the biggest "offenders" on our MX for the last 4 weeks include 2 multinationals, a telco and a certain DMARC related mailing list that we're all on. The PCI DSS gave it a reprieve until the end of June this year so maybe things will change as part of that compliance process. Ken. -- Ken O'Driscoll / We Monitor Email t: +353 1 254 9400 | w: www.wemonitoremail.com Need to understand deliverability? Now there's a book: www.wemonitoremail.com/book _______________________________________________ mailop mailing list mailop@mailop.org https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop