Search Mailing List Archives


Limit search to: Subject & Body Subject Author
Sort by: Reverse Sort
Limit to: All This Week Last Week This Month Last Month
Select Date Range     through    

[liberationtech] The missing awareness: SMTP Security Indicator in Email|WebMail clients

malte at wk3.org malte at wk3.org
Sun Nov 1 08:39:29 PST 2015


Quoting Fabio Pietrosanti (naif) - lists (2015-10-31 20:02:21)

> so, the in-transit email encryption problem isn't yet solved.
> 
> The uses of opportunistic encryption with SMTP STARTTLS help, but also
> this is out of the end-user control.

I think mail providers should stop accepting starttls opportunisticly,
but should start requiring it.

mailbox.org does it via the @secure.mailbox.org aliases, I do it in
general (f*ck you Dreamhost, I don't want your shabby unencrypted mail),
others might follow.

For Postfix it's really just setting

smtpd_tls_security_level = encrypt
and
smtp_tls_security_level = encrypt
(instead of "may")

in /etc/postfix/main.cf


Sincerely,

Malte



More information about the liberationtech mailing list