On 22/05/18 15:47, Al Iverson wrote:
> Are folks disabling TLS1.0 support in SMTP? Our security team has
> asked, but I'm a bit concerned about potential failure cases when
> trying to deliver mail to smaller corporate sites that might be doing
> stuff like requiring TLS but supporting 1.0 only....is that really
> much of a concern?

Perspective from a small corporate who runs their own mail.

A quick dip in our logs suggests disabling TLS1.0 would cut off a fair few of our decent customers. Inbound and outbound. By the look of it, mainly Exchange mail systems. A lot of them kind of IT companies, so not sure whether they would appreciate a call saying `you need to upgrade`.

Turns out we also have 1 big customer who doesn't support TLS for mail at all. Let's see what they say. Everything else plain text is spam or `newsletters`.

(Certainly my experience of contacting our customers who are using HTTP API clients that can't talk TLS1.2 has been general indifference. I'm hoping when their payments providers cut them off at the PCI deadline, I can cut them off too.)

I've also been looking at whether we can deploy DMARC. We've published SPF and DKIM stuff for years. But the reports that come back suggest a lot of our customers doing dodgy mail forwarding. (There is no easy answer.)

Tim

_______________________________________________
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
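
Added example, not part of the original post: one way to run the kind of log check described above, listing peers that only ever negotiated TLS 1.0 in each direction. It assumes Postfix with `smtpd_tls_loglevel` and `smtp_tls_loglevel` set to 1 (the post does not name the MTA); the function name and the sample log lines are constructed for illustration.

```python
import re
from collections import Counter, defaultdict

# Postfix "TLS connection established" line (assumed MTA and log format).
TLS_LINE = re.compile(
    r"postfix/smtpd?\[\d+\]: \w+ TLS connection established "
    r"(?P<dir>from|to) (?P<host>[^\[\s]+)\[(?P<ip>[^\]]+)\](?::\d+)?: "
    r"(?P<proto>\S+) with cipher"
)

# Constructed sample lines; in practice, iterate over the real mail log.
SAMPLE = """\
May 22 10:01:02 mx postfix/smtpd[2101]: Anonymous TLS connection established from mail.customer-a.example[192.0.2.10]: TLSv1 with cipher AES256-SHA (256/256 bits)
May 22 10:02:10 mx postfix/smtpd[2102]: Anonymous TLS connection established from unknown[192.0.2.44]: TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)
May 22 10:03:00 mx postfix/smtp[2200]: Untrusted TLS connection established to mx.customer-b.example[198.51.100.7]:25: TLSv1 with cipher AES128-SHA (128/128 bits)
May 22 10:04:00 mx postfix/smtp[2201]: Trusted TLS connection established to mx.customer-c.example[198.51.100.9]:25: TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)
May 22 10:05:00 mx postfix/smtp[2202]: Untrusted TLS connection established to mx.customer-c.example[198.51.100.9]:25: TLSv1 with cipher AES128-SHA (128/128 bits)
May 22 10:06:00 mx postfix/smtpd[2103]: connect from mail.customer-d.example[203.0.113.5]
""".splitlines()


def tls10_only_peers(lines, legacy=frozenset({"TLSv1"})):
    """Per direction: session counts by protocol, and peers seen ONLY on legacy protocols."""
    seen = {"inbound": defaultdict(Counter), "outbound": defaultdict(Counter)}
    for line in lines:
        m = TLS_LINE.search(line)
        if not m:
            continue  # not a TLS handshake line
        direction = "inbound" if m["dir"] == "from" else "outbound"
        # Inbound clients without reverse DNS are logged as "unknown"; key on the IP.
        peer = m["ip"] if m["host"] == "unknown" else m["host"]
        seen[direction][peer][m["proto"]] += 1
    report = {}
    for direction, peers in seen.items():
        totals = sum(peers.values(), Counter())
        # A peer that also negotiated something newer would survive the change.
        at_risk = sorted(p for p, protos in peers.items() if set(protos) <= legacy)
        report[direction] = {"sessions": dict(totals), "legacy_only": at_risk}
    return report


if __name__ == "__main__":
    for direction, data in tls10_only_peers(SAMPLE).items():
        print(direction, data["sessions"], "TLS 1.0 only:", data["legacy_only"])
```

Plaintext sessions produce no such log line, so a peer that does not use TLS at all will not show up in this report and has to be counted separately.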