John Peacock wrote:
On a more pragmatic note: do we have any evidence whatsoever that spammers are using TLS at all? This may be a completely theoretical exercise, since AFAIK, all standard MTA's will switch to TLS as soon as the received the EHLO prompt, in which case there is no transaction information at all (that is if they are configured to use TLS at all).
Yes. Lots of spammers use it, mostly perhaps without knowing it. I don't know of any BOT-contained TLS, but my traps are _full_ of TLS connections, and it's not just blowback. Anybody spamming thru, for example, an auth-hacked TLS-enabled MTA will be doing TLS to whomever supports it. Or a fixed-position spammer using standard TLS-enabled MTAs. Etc.
