I realise gpg is needed for end-to-end mail security, but more is better, and gpg can be unsupported by the recipient's client or difficult to get people to use.

I thought one day everyone would be using starttls between mail servers as a better security baseline (though contrary to what's being said on the net, I'd prefer a traditional tls connection attempt on a separate port to be tried first, making it easier for clients to be sure of tls, if only to the first server).

I understand that currently the rfcs state plain must be supported on publicly listed servers, but can anyone save me the trouble of delving into more rfcs and tell me if it's possible (at least potentially) to use a mail proxy like nginx to negotiate starttls in front of spamd?

I think that in other words I'm asking:

Is the starttls supported keyword sent before spamd sends a 451 response just after the data command is received from the client?

Is the starttls supported keyword sent before or after spamd sends a 450 response to blacklisted hosts?

I understand it is not really worth spending more than a little time on until tls, more secure servers and more secure backup systems and clients are widespread, and may even fool people into a false sense of security, like the blackberry often does.

KeV