Re: Encryption between mail servers

  • Matthias Leisi
    Message 1 of 7 , Mar 1, 2007
      > On Wed, Feb 28, 2007 at 01:15:28PM -1000, René van den Berg wrote:
      >
      >> Can anybody provide me with a percentage of email that is sent
      >> encrypted between mail servers.
      >
      > Which mail servers?

      I did a survey of about 1'000 domains from my log last year (details at
      [1], in German). Similar to a survey from the University of applied
      sciences in Zurich in 2004 [2] (for active .ch and .li domains), I found
      about 30% of the mailservers offer TLS -- for various values of "offering"
      (certificates from home-grown or "well-known" CAs, CN [not] matching the
      MX name etc).

      More interesting than the number/ratio of mailservers would be the ratio
      of mail volume (after spamfiltering for incoming messages, or generally
      for outgoing), and this will highly depend on the usage pattern (eg retail
      vs. business-to-business communication).

      What such surveys are obviously not able to find out is to what degree the
      use of TLS encryption and certificate verification is enforced by the
      remote end (eg, will it let mail to example.com pass through even if the
      certificate verification failed).

      -- Matthias

      [1] http://matthias.leisi.net/archives/156-TLS-Nutzung-Wer,-Wo,-Was.html
      [2] Used to be at http://security.zhwin.ch/infoweek.pdf but this seems to
      be gone; referenced in
      http://matthias.leisi.net/archives/162-Mehr-TLS-Statistik.html (also in
      German)
    • Victor Duchovni
      Message 2 of 7 , Mar 1, 2007
        On Thu, Mar 01, 2007 at 09:54:55AM +0100, Matthias Leisi wrote:

        > What such surveys are obviously not able to find out is to what degree the
        > use of TLS encryption and certificate verification is enforced by the
        > remote end (eg, will it let mail to example.com pass through even if the
        > certificate verification failed).

        http://www.postfix.org/TLS_README.html#client_tls_limits

        Authentication with SMTP TLS is overwhelmingly the exception, not the rule.

        --
        Viktor.

        Disclaimer: off-list followups get on-list replies or get ignored.
        Please do not ignore the "Reply-To" header.

        If my response solves your problem, the best way to thank me is to not
        send an "it worked, thanks" follow-up. If you must respond, please put
        "It worked, thanks" in the "Subject" so I can delete these quickly.
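
Added example, not part of either message above: a sketch of how one surveyed MX host could be sorted into the "various values of offering" buckets, and how the same bucket leads to different delivery outcomes depending on what the sending side enforces. The EHLO replies, bucket names and policy labels are constructed for illustration and are not taken from the surveys or from Postfix.

```python
import re

# Constructed EHLO replies; host names are placeholders.
EHLO_TLS = "250-mx.example.com\n250-PIPELINING\n250-STARTTLS\n250 8BITMIME"
EHLO_PLAIN = "250-mx.example.net\n250-PIPELINING\n250 8BITMIME"

def offers_starttls(ehlo_reply):
    """True if a (multi-line) EHLO reply advertises the STARTTLS extension."""
    for line in ehlo_reply.splitlines():
        m = re.match(r"250[- ](\S+)", line.strip())
        if m and m.group(1).upper() == "STARTTLS":
            return True
    return False

def name_matches(cert_name, mx_name):
    """Case-insensitive match; '*' is honoured only as the whole left-most label."""
    c, h = cert_name.lower().rstrip("."), mx_name.lower().rstrip(".")
    if c.startswith("*."):
        return "." in h and h.split(".", 1)[1] == c[2:]
    return c == h

def classify(ehlo_reply, cert_names, ca_trusted, mx_name):
    """Survey bucket for one MX host: what kind of TLS 'offer' is this?"""
    if not offers_starttls(ehlo_reply):
        return "no-tls"
    if not ca_trusted:
        return "tls-untrusted-ca"      # home-grown CA or self-signed
    if not any(name_matches(n, mx_name) for n in cert_names):
        return "tls-name-mismatch"     # trusted CA, but name != MX name
    return "tls-verifiable"

def sender_outcome(bucket, policy):
    """What a sending server does under a hypothetical policy label."""
    if policy == "opportunistic":      # use TLS if offered, never verify
        return "sent-cleartext" if bucket == "no-tls" else "sent-encrypted"
    if policy == "encrypt":            # require TLS, ignore certificate
        return "deferred" if bucket == "no-tls" else "sent-encrypted"
    if policy == "verify":             # require TLS and a verifiable cert
        return "sent-verified" if bucket == "tls-verifiable" else "deferred"
    raise ValueError("unknown policy: " + policy)
```

A receiver-side survey only sees the `classify` result; the `sender_outcome` column depends on the remote sender's policy, which is the part the survey cannot observe.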