* [Bloat] nearly 5 years of bufferbloat.net
From: Dave Täht @ 2016-01-26 23:16 UTC
To: bloat

and I needed to take a break from it. For your bemusement, see:

http://the-edge.taht.net/post/starttls_considered_helpful/

Anyone have any ideas as to what to do this year?

Only things I can think of are:

move: bufferbloat.net to new hosting
finish: cake, the ietf drafts
start: make-wifi-fast

I'd like to somehow get a long term bufferbloat trendline from dslreports.

That's it. What else would be worth doing?

* [Bloat] STARTTLS [was: nearly 5 years of bufferbloat.net]
From: Juliusz Chroboczek @ 2016-01-27 17:16 UTC
To: Dave Täht; +Cc: bloat

> http://the-edge.taht.net/post/starttls_considered_helpful/

Did you bounce mail when the first MX contacted didn't do STARTTLS, or did
you bounce when none of the MXes for a domain supported it? In other
words, did you treat lack of STARTTLS as a transient or permanent error?

-- Juliusz

* Re: [Bloat] STARTTLS [was: nearly 5 years of bufferbloat.net]
From: Dave Täht @ 2016-01-27 18:48 UTC
To: Juliusz Chroboczek; +Cc: bloat

On 1/27/16 9:16 AM, Juliusz Chroboczek wrote:
>> http://the-edge.taht.net/post/starttls_considered_helpful/
>
> Did you bounce mail when the first MX contacted didn't do STARTTLS, or did
> you bounce when none of the MXes for a domain supported it? In other
> words, did you treat lack of STARTTLS as a transient or permanent error?

Postfix when set to encrypt always treats lack of TLS support on the
other exchanger(s) as a transient error, and retries by default for 3 days.

Example:

Jan 27 17:16:11 mail postfix/smtp[10770]: 801CD21331: to=<oneofmystillannoyedcorrespondents@conman.org>, relay=brevard.conman.org[elided]:25, delay=67644, delays=67640/0.01/4/0, dsn =4.7.4, status=deferred (TLS is required, but was not offered by host brevard.conman.org[elided])

So this made it safer to temporarily make it mandatory, do email for a
few hours, get who failed out of my logs, craft the email to those
failing, then relax the defaults for starttls back to "may".

Google reports that 82% of their outbound email and only 58% of their
inbound email is covered by starttls, and there are distinct regional
differences... notably, free.fr in your region is not using starttls on
inbound at all, it seems.

Ton of data at:

https://www.google.com/transparencyreport/saferemail/

And sadly, the growth curve for uptake in the past year appears flat.

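The "get who failed out of my logs" step from the message above, as an added example that is not part of the original thread and not the poster's own tooling: a Python sketch that groups Postfix `dsn=4.7.4` "TLS is required, but was not offered" deferrals by recipient domain, counting a message once across retries. The function name, report layout and sample log lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# Postfix smtp(8) delivery record deferred because the peer did not offer
# STARTTLS while TLS was mandatory (smtp_tls_security_level = encrypt).
NO_TLS = re.compile(
    r"postfix/smtp\[\d+\]: (?P<qid>[0-9A-Za-z]+): to=<(?P<rcpt>[^>]+)>, "
    r"(?:orig_to=<[^>]*>, )?relay=(?P<relay>[^\[,]+)\[[^\]]*\](?::\d+)?, "
    r".*?dsn\s*=\s*4\.7\.4, status=deferred "
    r"\(TLS is required, but was not offered by host"
)

def no_starttls_report(lines):
    """Group 'TLS is required, but was not offered' deferrals by recipient domain.

    Postfix retries a deferred message, so the same queue ID is logged on
    every attempt; sets keep each message and recipient counted once.
    """
    seen = defaultdict(lambda: {"relays": set(), "recipients": set(), "queue_ids": set()})
    for line in lines:
        m = NO_TLS.search(line)
        if m is None:
            continue  # delivered, or deferred for an unrelated reason
        rcpt = m["rcpt"].lower()
        entry = seen[rcpt.rpartition("@")[2]]
        entry["relays"].add(m["relay"].lower())
        entry["recipients"].add(rcpt)
        entry["queue_ids"].add(m["qid"])
    return {
        domain: {
            "relays": sorted(e["relays"]),
            "recipients": sorted(e["recipients"]),
            "messages": len(e["queue_ids"]),
        }
        for domain, e in seen.items()
    }

# Constructed sample log (documentation domains and addresses, not real traffic).
SAMPLE_LOG = """\
Jan 27 17:16:11 mail postfix/smtp[10770]: 801CD21331: to=<alice@example.org>, relay=mx1.example.org[192.0.2.10]:25, delay=67644, delays=67640/0.01/4/0, dsn=4.7.4, status=deferred (TLS is required, but was not offered by host mx1.example.org[192.0.2.10])
Jan 27 17:46:12 mail postfix/smtp[10991]: 801CD21331: to=<alice@example.org>, relay=mx2.example.org[192.0.2.11]:25, delay=69445, delays=69441/0.01/4/0, dsn=4.7.4, status=deferred (TLS is required, but was not offered by host mx2.example.org[192.0.2.11])
Jan 27 17:20:03 mail postfix/smtp[10802]: 9A3F021340: to=<bob@example.net>, relay=mail.example.net[198.51.100.7]:25, delay=1.2, delays=0.1/0.01/0.6/0.5, dsn=2.0.0, status=sent (250 2.0.0 Ok: queued as 4C1D2E0)
Jan 27 17:21:40 mail postfix/smtp[10815]: B7710213A2: to=<carol@example.com>, relay=none, delay=30, delays=0.1/0/30/0, dsn=4.4.1, status=deferred (connect to mx.example.com[203.0.113.5]:25: Connection timed out)
"""

if __name__ == "__main__":
    for domain, info in sorted(no_starttls_report(SAMPLE_LOG.splitlines()).items()):
        print(f"{domain}: {info['messages']} message(s) to {', '.join(info['recipients'])} "
              f"deferred; relays without STARTTLS: {', '.join(info['relays'])}")
```

The relay list per domain shows which exchangers were tried without offering STARTTLS; deferrals for other reasons (such as the connection timeout in the sample) are ignored.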