<html><head><meta http-equiv="Content-Type" content="text/html; charset=utf-8"></head><body style="word-wrap: break-word; -webkit-nbsp-mode: space; line-break: after-white-space;" class="">In my opinion, the problem isn’t that great. As others have stated, you can locally enforce only STARTTLS on the receive connector or send connector locally to ensure that only encrypted transmission occurs. If the MTA doesn’t send/accept STARTTLS send an error message. That the host name is given, doesn’t really matter as most MiTM will still see IP SRC and IP DST so that’s given that transmission occurred. DNSSEC already will ensure the same IP, and RPKI can help on BGP hijacks, given this is still an ongoing process.<div class=""><br class=""></div><div class="">In my opinion, the major issue is data at rest which would rely on PGP, S/MIME, et al. Another option would be DMTP, like I emailed off list which encrypts even headers. My guess though is that if this gains traction, there will be a corresponding law like CALEA for LEO to intercept.<br class=""><div class=""><br class=""><div class=""><div class="">
<div style="color: rgb(0, 0, 0); font-family: Helvetica; font-size: 12px; font-style: normal; font-variant-caps: normal; font-weight: normal; letter-spacing: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px; -webkit-text-size-adjust: auto; -webkit-text-stroke-width: 0px;">Sincerely,<br class=""><br class="">Eric Tykwinski<br class="">TrueNet, Inc.<br class="">P: 610-429-8300</div>
</div>
<div><br class=""><blockquote type="cite" class=""><div class="">On Jan 12, 2019, at 5:09 PM, Viruthagiri Thirumavalavan <<a href="mailto:giri@dombox.org" class="">giri@dombox.org</a>> wrote:</div><br class="Apple-interchange-newline"><div class=""><div dir="ltr" class="">I'm not sure why are being angry here. <div class=""><br class=""></div><div class="">For the record, this conversation isn't about TLS on port 26. It's about STARTTLS downgrade protection on port 25. </div></div><br class=""><div class="gmail_quote"><div dir="ltr" class="">On Sun, Jan 13, 2019 at 3:33 AM Brian Kantor <<a href="mailto:Brian@ampr.org" class="">Brian@ampr.org</a>> wrote:<br class=""></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">From this point forward, all mail containing the phrase "TLS on<br class="">
port 26" in the Subject line will be shunted into my junk mail box,<br class="">
unread, because I do not wish to see any more correspondence on<br class="">
this matter.<br class="">
<br class="">
'procmail' is my friend.<br class="">
- Brian<br class="">
<br class="">
<br class="">
On Sun, Jan 13, 2019 at 03:20:26AM +0530, Viruthagiri Thirumavalavan wrote:<br class="">
> Hello Mr. Levine,<br class="">
> [...]<br class="">
</blockquote></div><br clear="all" class=""><div class=""><br class=""></div>-- <br class=""><div dir="ltr" class="gmail_signature"><div dir="ltr" class=""><div class=""><div dir="ltr" class=""><div dir="ltr" class="">Best Regards,<div class=""><br class=""><div class="">Viruthagiri Thirumavalavan</div><div class=""><span style="font-size:12.8px" class="">Dombox, Inc.</span><br class=""></div></div></div></div></div></div></div>
</div></blockquote></div><br class=""></div></div></div></body></html>