View Single Post
Old 16 Oct 2016, 04:25 PM   #302
brong
The "e" in e-mail
 
Join Date: Jul 2004
Location: Melbourne, Australia
Posts: 2,666

Representative of:
Fastmail.fm
I'm not commenting on the opinions of people who aren't FastMail staff, their opinions are their own.

I will comment on this opinion though:

Quote:
Originally Posted by dgcom View Post
But let's go back to MX SMTP servers - the is no doubt that all servers support unencrypted connection, however I state that IF connection is encrypted, it should not:
  • Allow fall back to unencrypted
  • Support the same encryption level as client SMTP sevrer
That's what FastMail competitors do.
"IF connection is encrypted it should not allow fall back to unencrypted". That is meaningless. An active attacker can just remove the capability strings from the connection and make it appear that the destination server doesn't support encryption. You can't just "not allow fall back unencrypted" unless you don't offer unencrypted at all, which is why we don't offer unencrypted for IMAP/POP.

Likewise, the client can choose what level of security it's willing to require before it will send the email down the connection, so even if you offer less secure options, the client can choose not to continue with the SMTP transaction unless it got to a security level it's happy with.

I'd love to be able to turn off all the lower security options, but people want to be able to receive email from arbitrary senders. Our competitors may just fall back to plaintext, fine, but there's no actual security benefit to plaintext over deprecated ciphers - it's security theatre either way. Neither choice is objectively better.

The actual ciphers offered/used are useful datapoints for spam scanning, but rejecting the message outright is a bad user experience.
brong is offline   Reply With Quote