Hi
On Wed, Jul 12, 2023 at 01:00:43AM +0300, Taavi Eomäe via mailop wrote:
> On 11/07/2023 20:43, Bastian Blank via mailop wrote:
> > Given that this host only reacts on port 25 but not on port 587, I
> > assume this is MX.
> Ideally one would offer implicit TLS on port 465 as well (RFC8314).
But this RFC talks about submission of e-mail, exactly not what this
thread is about.
> > You are talking about MX, which is unauthenticated in the absence of DANE.
> There's also MTA-STS, which doesn't rely on DNSSEC and introduce operational
> complexity.
This, the same way as DANE, asks the client to do authentication. So it
is not included in my statement. And in that case the client enforces
more strict rules normally.
Bastian
--
We Klingons believe as you do -- the sick should die. Only the strong
should live.
-- Kras, "Friday's Child", stardate 3497.2
_______________________________________________
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop
