Loading ...
Sorry, an error occurred while loading the content.

Encryption between mail servers

Expand Messages
  • RenĂ© van den Berg
    Can anybody provide me with a percentage of email that is sent encrypted between mail servers. Thanks !!
    Message 1 of 7 , Feb 28 3:15 PM
    • 0 Attachment
      Can anybody provide me with a percentage of email that is sent
      encrypted between mail servers.

      Thanks !!
    • Victor Duchovni
      ... Which mail servers? -- Viktor. Disclaimer: off-list followups get on-list replies or get ignored. Please do not ignore the Reply-To header. To
      Message 2 of 7 , Feb 28 3:17 PM
      • 0 Attachment
        On Wed, Feb 28, 2007 at 01:15:28PM -1000, Ren? van den Berg wrote:

        > Can anybody provide me with a percentage of email that is sent
        > encrypted between mail servers.

        Which mail servers?

        --
        Viktor.

        Disclaimer: off-list followups get on-list replies or get ignored.
        Please do not ignore the "Reply-To" header.

        To unsubscribe from the postfix-users list, visit
        http://www.postfix.org/lists.html or click the link below:
        <mailto:majordomo@...?body=unsubscribe%20postfix-users>

        If my response solves your problem, the best way to thank me is to not
        send an "it worked, thanks" follow-up. If you must respond, please put
        "It worked, thanks" in the "Subject" so I can delete these quickly.
      • RenĂ© van den Berg
        In general all mail servers that are used on the Internet, not only Postfix. I know allot of servers support SSL SMTP on port 465 but how many actual are using
        Message 3 of 7 , Feb 28 3:26 PM
        • 0 Attachment
          In general all mail servers that are used on the Internet, not only
          Postfix. I know allot of servers support SSL SMTP on port 465 but how
          many actual are using it if both sides support it?

          On 2/28/07, Victor Duchovni <Victor.Duchovni@...> wrote:
          > On Wed, Feb 28, 2007 at 01:15:28PM -1000, Ren? van den Berg wrote:
          >
          > > Can anybody provide me with a percentage of email that is sent
          > > encrypted between mail servers.
          >
          > Which mail servers?
          >
          > --
          > Viktor.
          >
          > Disclaimer: off-list followups get on-list replies or get ignored.
          > Please do not ignore the "Reply-To" header.
          >
          > To unsubscribe from the postfix-users list, visit
          > http://www.postfix.org/lists.html or click the link below:
          > <mailto:majordomo@...?body=unsubscribe%20postfix-users>
          >
          > If my response solves your problem, the best way to thank me is to not
          > send an "it worked, thanks" follow-up. If you must respond, please put
          > "It worked, thanks" in the "Subject" so I can delete these quickly.
          >
        • Steven F Siirila
          ... If we did support it, we d support it on the standard port (25) using STARTTLS, not the deprecated port 465. -- Steven F. Siirila Office: Lind Hall, Room
          Message 4 of 7 , Feb 28 3:29 PM
          • 0 Attachment
            On Wed, Feb 28, 2007 at 01:26:57PM -1000, Ren van den Berg wrote:
            > In general all mail servers that are used on the Internet, not only
            > Postfix. I know allot of servers support SSL SMTP on port 465 but how
            > many actual are using it if both sides support it?

            If we did support it, we'd support it on the standard port (25) using
            STARTTLS, not the deprecated port 465.

            --

            Steven F. Siirila Office: Lind Hall, Room 130B
            Internet Services E-mail: sfs@...
            Office of Information Technology Voice: (612) 626-0244
            University of Minnesota Fax: (612) 626-7593
          • Victor Duchovni
            ... There is no way to know without intercepting all Internet email traffic and parsing SMTP at least up through STARTTLS . Perhaps the people who have access
            Message 5 of 7 , Feb 28 4:53 PM
            • 0 Attachment
              On Wed, Feb 28, 2007 at 01:26:57PM -1000, Ren? van den Berg wrote:

              > >> Can anybody provide me with a percentage of email that is sent
              > >> encrypted between mail servers.
              > >
              > >Which mail servers?
              >
              > In general all mail servers that are used on the Internet, not only
              > Postfix. I know allot of servers support SSL SMTP on port 465 but how
              > many actual are using it if both sides support it?

              There is no way to know without intercepting all Internet email traffic
              and parsing SMTP at least up through "STARTTLS". Perhaps the people who
              have access to Echelon data can give a good estimate, but they are not
              likely to share...

              The Internet is not sufficiently homogeneous in this regard for
              smaller samples to provide meaningful guidance. Do you want B2B
              traffic, B2C traffic, person-to-person traffic, Hotmail? Gmail? Which
              countries? ... Each case looks rather different.

              --
              Viktor.

              Disclaimer: off-list followups get on-list replies or get ignored.
              Please do not ignore the "Reply-To" header.

              To unsubscribe from the postfix-users list, visit
              http://www.postfix.org/lists.html or click the link below:
              <mailto:majordomo@...?body=unsubscribe%20postfix-users>

              If my response solves your problem, the best way to thank me is to not
              send an "it worked, thanks" follow-up. If you must respond, please put
              "It worked, thanks" in the "Subject" so I can delete these quickly.
            • Matthias Leisi
              ... I did a survey of about 1 000 domains from my log last year (details at [1], in german). Similar to a survey from the University of applied sciences in
              Message 6 of 7 , Mar 1, 2007
              • 0 Attachment
                > On Wed, Feb 28, 2007 at 01:15:28PM -1000, Ren? van den Berg wrote:
                >
                >> Can anybody provide me with a percentage of email that is sent
                >> encrypted between mail servers.
                >
                > Which mail servers?

                I did a survey of about 1'000 domains from my log last year (details at
                [1], in german). Similar to a survey from the University of applied
                sciences in Zurich in 2004 [2] (for actvie .ch and .li domains), I found
                about 30% of the mailservers offer TLS -- for various values of "offering"
                (certificates from home-grown or "well-known" CAs, CN [not] matching the
                MX name etc).

                More interesting than the number/ratio of mailservers would be the ratio
                of mail volume (after spamfiltering for incoming messages, or generally
                for outgoing), and this will highly depend on the usage pattern (eg retail
                vs. business-to-business communication).

                What such surveys are obviously not able to find out is to what degree the
                use of TLS encryption and certificate verification is enforced by the
                remote end (eg, will it let mail to example.com pass through even if the
                certificate verification failed).

                -- Matthias

                [1] http://matthias.leisi.net/archives/156-TLS-Nutzung-Wer,-Wo,-Was.html
                [2] Used to be at http://security.zhwin.ch/infoweek.pdf but this seems to
                be gone; referenced in
                http://matthias.leisi.net/archives/162-Mehr-TLS-Statistik.html (also in
                german)
              • Victor Duchovni
                ... http://www.postfix.org/TLS_README.html#client_tls_limits Authentication with SMTP TLS is overwhelmingly the exception, not the rule. -- Viktor. Disclaimer:
                Message 7 of 7 , Mar 1, 2007
                • 0 Attachment
                  On Thu, Mar 01, 2007 at 09:54:55AM +0100, Matthias Leisi wrote:

                  > What such surveys are obviously not able to find out is to what degree the
                  > use of TLS encryption and certificate verification is enforced by the
                  > remote end (eg, will it let mail to example.com pass through even if the
                  > certificate verification failed).

                  http://www.postfix.org/TLS_README.html#client_tls_limits

                  Authentication with SMTP TLS is overwhelmingly the exception, not the rule.

                  --
                  Viktor.

                  Disclaimer: off-list followups get on-list replies or get ignored.
                  Please do not ignore the "Reply-To" header.

                  To unsubscribe from the postfix-users list, visit
                  http://www.postfix.org/lists.html or click the link below:
                  <mailto:majordomo@...?body=unsubscribe%20postfix-users>

                  If my response solves your problem, the best way to thank me is to not
                  send an "it worked, thanks" follow-up. If you must respond, please put
                  "It worked, thanks" in the "Subject" so I can delete these quickly.
                Your message has been successfully submitted and would be delivered to recipients shortly.