On 26/08/2020 21:33, Scott Mutter via mailop wrote:
I just wanted to gauge what other mail server administrators were
doing in regards to this. The response is kind of what i expected,
but the shift in wanting TLS and encryption on every connection, kind
of made me question what the response would be.
My mail admin is for a small corporate.
I did some work last year and at the start of this year to look at the
mix of TLS favours and not TLS we get.
Majority of email using TLS1.2 or better.
We did find 3 or 4 regular customers and suppliers stuck with TLSv1.
Usually onsite MS exchange servers. We had a chat and they all
upgraded pretty sharpish. (not sure what their IT support people have
been doing for the past many years)
Inbound, almost everything useful has some kind of TLS. Exceptions are a
mailinglist a few people are subscribed to.
Outbound, less so.
I decided we would miss out on orders and enquiries if we mandated
TLS1.2. We publish MTA-STS.
I did wonder whether I could look at changing inbound subjects to
`insecure` for email delivered with less than TLSv1.2
I'm not sure how much effort I want to put into contacting all our
customers to tell them to sort their stuff out
My advice for everybody is to pop over to https://internet.nl/ and test
your email domains. And your friends, customers, people you deal with.
Then test an inbound email at https://ssl-tools.net/mailservers
https://www.hardenize.com/ is pretty good as well.
--
Tim Bray
Huddersfield, GB
t...@kooky.org
_______________________________________________
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop