Re: Encryption between mail servers
> On Wed, Feb 28, 2007 at 01:15:28PM -1000, Ren? van den Berg wrote:I did a survey of about 1'000 domains from my log last year (details at
>> Can anybody provide me with a percentage of email that is sent
>> encrypted between mail servers.
> Which mail servers?
, in german). Similar to a survey from the University of applied
sciences in Zurich in 2004  (for actvie .ch and .li domains), I found
about 30% of the mailservers offer TLS -- for various values of "offering"
(certificates from home-grown or "well-known" CAs, CN [not] matching the
MX name etc).
More interesting than the number/ratio of mailservers would be the ratio
of mail volume (after spamfiltering for incoming messages, or generally
for outgoing), and this will highly depend on the usage pattern (eg retail
vs. business-to-business communication).
What such surveys are obviously not able to find out is to what degree the
use of TLS encryption and certificate verification is enforced by the
remote end (eg, will it let mail to example.com pass through even if the
certificate verification failed).
 Used to be at http://security.zhwin.ch/infoweek.pdf but this seems to
be gone; referenced in
http://matthias.leisi.net/archives/162-Mehr-TLS-Statistik.html (also in
- On Thu, Mar 01, 2007 at 09:54:55AM +0100, Matthias Leisi wrote:
> What such surveys are obviously not able to find out is to what degree thehttp://www.postfix.org/TLS_README.html#client_tls_limits
> use of TLS encryption and certificate verification is enforced by the
> remote end (eg, will it let mail to example.com pass through even if the
> certificate verification failed).
Authentication with SMTP TLS is overwhelmingly the exception, not the rule.
Disclaimer: off-list followups get on-list replies or get ignored.
Please do not ignore the "Reply-To" header.
To unsubscribe from the postfix-users list, visit
http://www.postfix.org/lists.html or click the link below:
If my response solves your problem, the best way to thank me is to not
send an "it worked, thanks" follow-up. If you must respond, please put
"It worked, thanks" in the "Subject" so I can delete these quickly.