View Single Post
Old 16 Oct 2016, 10:59 AM   #301
dgcom
Junior Member
 
Join Date: Jan 2010
Location: US, New Jersey
Posts: 22
The original post, which started all this discussion was about your MX SMTP servers and not about your client submission servers - those are good and anyone can check themselves easily:
Quote:
openssl s_client -connect smtp.fastmail.com:587 -starttls smtp -ssl3
This command should fail to connect. More tests can be done at https://pentest-tools.com/network-vu...er-online-nmap

But let's go back to MX SMTP servers - the is no doubt that all servers support unencrypted connection, however I state that IF connection is encrypted, it should not:
  • Allow fall back to unencrypted
  • Support the same encryption level as client SMTP sevrer
That's what FastMail competitors do.
And that marketing blurb was not relevant to the issue.

I would understand if ChinaLamb would respond with clear explanation that SSLv3 with weak ciphers is only for server-to-server transport and is set up that way to maximize compatibility.
But no, ChinaLamb ended up saying that poster's fault in not understanding "marketing speech":
Quote:
If you want to understand about security, you need to understand that post. It is the entire reason this service is different than others.
Very unprofessional, if you ask me.
And yes, FastMail is different - providing less secure SMTP transport options than others - in order to be more compatible... But why? To get more spam? Because those broken MX SMTP servers out there are more prone to be hacked and start sending spam...
dgcom is offline   Reply With Quote