How many mail operators out there are forcing outbound SMTP communications to use TLS? Is this a common practice now? I know secure everything and TLS everywhere is a popular movement at this moment.

I've noticed that Constant Contact (constantcontact.com - at least the mail server at 205.207.104.108) and yahoo.co.jp (67.195.204.74) don't appear to be accepting STARTTLS. Is that strange? yahoo.com appears to handle STARTTLS but yahoo.co.jp does not. There may be other country/region-specific Yahoo domains that don't. I'm just wondering if that is common. Perhaps the administrators of these mail servers are unaware of this? Constant Contact - whose primary purpose would seem to be to ensure mail delivery - not accepting STARTTLS seems extremely strange.

I've been toying with the idea of forcing outbound SMTP connections to use TLS, but thought I'd take a quick look and see who might miss mail if this is done. It looks like most mail servers handle TLS. I haven't extended this test to a lot of servers yet, so it may just be that the mail servers I have enacted this on are small-volume senders.

I should note, forcing TLS is different from preferring TLS. I think a lot of MTAs (at least Exim, I think?) prefer TLS and will attempt to negotiate a STARTTLS session, but if that fails, then they will continue without TLS. By forcing TLS, I'm telling my server to close the connection if a STARTTLS session can't be started.

Are any other mail server admins doing this? Or is it still too early to require this?
_______________________________________________
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
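The prefer-versus-force distinction in the post above, as an added example that is not part of the original message: it parses EHLO replies, applies each policy, and lists the hosts that would stop receiving mail once TLS is forced. The host names and EHLO replies are constructed, all function names are hypothetical, and only the STARTTLS advertisement is modelled, not the handshake that follows.

```python
import smtplib

# Constructed EHLO replies (not captured from any real server).
SAMPLE_REPLIES = {
    "mx.tls-ok.example": "250-mx.tls-ok.example Hello\r\n250-SIZE 52428800\r\n250-STARTTLS\r\n250 8BITMIME\r\n",
    "mx.plain.example": "250-mx.plain.example Hello\r\n250-SIZE 10240000\r\n250 PIPELINING\r\n",
    "mx.lastline.example": "250-mx.lastline.example\r\n250 starttls\r\n",
    "mx.refused.example": "554 No SMTP service here\r\n",
}

def ehlo_extensions(reply):
    """Return the upper-cased extension keywords of an EHLO reply, or None if EHLO failed."""
    lines = [ln for ln in reply.splitlines() if ln.strip()]
    # Every line must be "250-..." (continuation) or "250 ..." (final line).
    if not lines or any(ln[:3] != "250" or ln[3:4] not in ("-", " ", "") for ln in lines):
        return None
    # The first line is the greeting; each later line is "KEYWORD [params]".
    return {ln[4:].split()[0].upper() for ln in lines[1:] if ln[4:].split()}

def delivery_decision(reply, policy):
    """policy is 'prefer' (opportunistic TLS) or 'require' (forced TLS)."""
    exts = ehlo_extensions(reply)
    if exts is None:
        return "defer: EHLO failed"
    if "STARTTLS" in exts:
        return "send over TLS"
    # No STARTTLS offered: this is where the two policies diverge.
    return "send in cleartext" if policy == "prefer" else "close connection, mail not sent"

def would_miss_mail(replies):
    """Hosts that get mail under 'prefer' but would get none under 'require'."""
    return sorted(host for host, reply in replies.items()
                  if delivery_decision(reply, "prefer") == "send in cleartext")

def probe(host, timeout=10):
    """Live check (needs network): does host advertise STARTTLS on port 25?"""
    with smtplib.SMTP(host, 25, timeout=timeout) as conn:
        conn.ehlo()
        return conn.has_extn("starttls")

if __name__ == "__main__":
    for host, reply in SAMPLE_REPLIES.items():
        print(host, "| prefer:", delivery_decision(reply, "prefer"),
              "| require:", delivery_decision(reply, "require"))
    print("would miss mail under forced TLS:", would_miss_mail(SAMPLE_REPLIES))
```
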