General list for discussing Bufferbloat
From: "Dave Täht" <dave@taht.net>
To: Juliusz Chroboczek <jch@pps.univ-paris-diderot.fr>
Cc: bloat@lists.bufferbloat.net
Subject: Re: [Bloat] STARTTLS [was: nearly 5 years of bufferbloat.net]
Date: Wed, 27 Jan 2016 10:48:24 -0800
Message-ID: <56A910F8.7080809@taht.net>
In-Reply-To: <7imvrrt02y.wl-jch@pps.univ-paris-diderot.fr>



On 1/27/16 9:16 AM, Juliusz Chroboczek wrote:
>> http://the-edge.taht.net/post/starttls_considered_helpful/
> 
> Did you bounce mail when the first MX contacted didn't do STARTTLS, or did
> you bounce when none of the MXes for a domain supported it?  In other
> words, did you treat lack of STARTTLS as a transient or permanent error?

Postfix when set to encrypt always treats lack of TLS support on the
other exchanger(s) as a transient error, and retries by default for 3
days.

Example:

Jan 27 17:16:11 mail postfix/smtp[10770]: 801CD21331:
to=<oneofmystillannoyedcorrespondents@conman.org>,
relay=brevard.conman.org[elided]:25, delay=67644, delays=67640/0.01/4/0,
dsn=4.7.4, status=deferred (TLS is required, but was not offered by host
brevard.conman.org[elided])

So this made it safer to temporarily make it mandatory, do email for a
few hours, get who failed out of my logs, craft the email to those
failing, then relax the defaults for starttls back to "may".

Google reports that 82% of their outbound email and only 58% of their
inbound email is covered by starttls, and there are distinct regional
differences... notably, free.fr in your region is not using starttls on
inbound at all, it seems.  Ton of data at:

https://www.google.com/transparencyreport/saferemail/

And sadly, the growth curve for uptake in the past year appears flat.
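
Added example (not part of the original message, and not Postfix's or the author's own tooling): one way to do the "get who failed out of my logs" step described above. It assumes each log entry is on one line as syslog writes it; the sample addresses, hosts and queue IDs are constructed.

```python
import re
from collections import defaultdict

# Constructed sample lines in the format of the log entry quoted above
# (queue IDs, hosts and addresses are made up; IPs are documentation ranges).
SAMPLE_LOG = """\
Jan 27 17:16:11 mail postfix/smtp[10770]: 801CD21331: to=<alice@example.org>, relay=mx1.example.org[192.0.2.10]:25, delay=67644, delays=67640/0.01/4/0, dsn=4.7.4, status=deferred (TLS is required, but was not offered by host mx1.example.org[192.0.2.10])
Jan 27 17:16:12 mail postfix/smtp[10771]: 9A2BC21340: to=<bob@example.net>, relay=mail.example.net[198.51.100.7]:25, delay=1.2, delays=0.1/0.01/0.6/0.5, dsn=2.0.0, status=sent (250 2.0.0 Ok: queued as 4F1D2)
Jan 27 17:20:40 mail postfix/smtp[10772]: 7C0DE2135A: to=<carol@example.com>, relay=mx.example.com[203.0.113.5]:25, delay=300, delays=299/0.01/1/0, dsn=4.7.4, status=deferred (TLS is required, but was not offered by host mx.example.com[203.0.113.5])
Jan 27 17:21:02 mail postfix/smtp[10773]: 5510A21377: to=<dan@example.edu>, relay=none, delay=30, delays=0.1/0.01/30/0, dsn=4.4.1, status=deferred (connect to mx.example.edu[192.0.2.99]:25: Connection timed out)
Jan 27 18:02:19 mail postfix/smtp[10790]: 7C0DE2135A: to=<carol@example.com>, relay=mx2.example.com[203.0.113.6]:25, delay=2799, delays=2798/0.02/0.7/0.3, dsn=2.0.0, status=sent (250 2.0.0 Ok)
"""

# Delivery-status line logged by the Postfix smtp client for one recipient.
LINE_RE = re.compile(
    r"postfix/smtp\[\d+\]: (?P<qid>[0-9A-Za-z]+): to=<(?P<rcpt>[^>]+)>, "
    r"relay=(?P<relay>[^,]+), .*?dsn=(?P<dsn>[\d.]+), "
    r"status=(?P<status>\w+) \((?P<reason>.*)\)$"
)
NO_TLS = "TLS is required, but was not offered"


def tls_refusing_domains(log_text):
    """Map recipient domain -> set of relays that offered no STARTTLS,
    skipping recipients whose message was later delivered (status=sent)."""
    pending = {}  # (queue id, recipient) -> relay host that offered no TLS
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue
        key = (m["qid"], m["rcpt"].lower())
        if m["status"] == "deferred" and m["dsn"] == "4.7.4" and NO_TLS in m["reason"]:
            pending[key] = m["relay"].split("[")[0]  # drop "[ip]:port"
        elif m["status"] == "sent":
            pending.pop(key, None)  # a later attempt got through
    domains = defaultdict(set)
    for (_, rcpt), relay in pending.items():
        domains[rcpt.rsplit("@", 1)[1]].add(relay)
    return dict(domains)


if __name__ == "__main__":
    for domain, relays in sorted(tls_refusing_domains(SAMPLE_LOG).items()):
        print(domain, ", ".join(sorted(relays)))
```

Deferrals for other reasons (the constructed timeout entry) are ignored, so the result lists only the domains whose operators need the notification mail.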
