On 26/08/2020 21:33, Scott Mutter via mailop wrote:
I just wanted to gauge what other mail server administrators were doing in regards to this.  The response is kind of what i expected, but the shift in wanting TLS and encryption on every connection, kind of made me question what the response would be.

My mail admin is for a small corporate.

I did some work last year and at the start of this year to look at the mix of TLS favours and not TLS we get.

Majority of email using TLS1.2 or better.

We did find 3 or 4 regular customers and suppliers stuck with TLSv1.   Usually onsite MS exchange servers.   We had a chat and they all upgraded pretty sharpish.  (not sure what their IT support people have been doing for the past many years)

Inbound, almost everything useful has some kind of TLS. Exceptions are a mailinglist a few people are subscribed to.

Outbound, less so.

I decided we would miss out on orders and enquiries if we mandated TLS1.2.   We publish MTA-STS.

I did wonder whether I could look at changing inbound subjects to `insecure` for email delivered with less than TLSv1.2

I'm not sure how much effort I want to put into contacting all our customers to tell them to sort their stuff out


My advice for everybody is to pop over to https://internet.nl/ and test your email domains. And your friends, customers, people you deal with.

Then test an inbound email at https://ssl-tools.net/mailservers

https://www.hardenize.com/ is pretty good as well.


--
Tim Bray
Huddersfield, GB
t...@kooky.org


_______________________________________________
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Reply via email to