So, yes, requiring TLS after the message was already sent in plaintext is less perfect than the alternative, it does have the benefit of informing and usually getting things fixed.
Ie, if you assume that it corrects future failures, than its still useful. It's also a fallback, you can enforce certain senders are encrypted before they send content, but if you also enforce it for say content containing SSN or CC numbers, it'll inform and find other bad senders. Still no clue what this particular policy is, though. Brandon On Mar 16, 2017 7:44 AM, "Paul Smith" <p...@pscs.co.uk> wrote: > On 16/03/2017 14:18, Kevin Huxham wrote: > > they probably sell fax machines. > > > Their response is a bit like someone sending them credit card details on a > postcard, and them tearing it up (because you shouldn't send confidential > information on postcards) and asking the sender to send the details again, > but put them in an envelope next time. > > It's totally ignoring the fact that it's too late by then... (and the fact > that the envelope will be opened by the mail boy (Google in this case) so > the confidential information will still be visible by unspecified eyes > after arrival). > > > > -K > > On Thu, Mar 16, 2017 at 1:50 AM, Brandon Long via mailop < > mailop@mailop.org> wrote: > >> That's a custom rejection message set by that GSuite customer, no clue >> what policy they set. >> >> Brandon >> >> On Mar 15, 2017 9:35 PM, "Seth Mattinen" <se...@rollernet.us> wrote: >> >>> Here's one I'm hoping someone can tell me I'm missing something obvious: >>> Google is rejecting a TLS connection with an error saying to use TLS, but >>> the connection is indeed using TLS. >>> >>> >>> 2017-03-15T21:03:15.960985-07:00 smtpauth postfix/smtp[14716]: Trusted >>> TLS connection established to aspmx.l.google.com[2607:f8b0:400e:c06::1a]:25: >>> TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits) >>> >>> 2017-03-15T21:03:17.241821-07:00 smtpauth postfix/smtp[14716]: >>> E6AB62800049: to=<x...@x.net> <x...@x.net>, >>> relay=aspmx.l.google.com[2607:f8b0:400e:c06::1a]:25, >>> delay=5.3, delays=3.1/0/0.93/1.2, dsn=5.7.1, status=bounced (host >>> aspmx.l.google.com[2607:f8b0:400e:c06::1a] said: 550-5.7.1 Your email >>> has been rejected because it violates X X 550-5.7.1 security policy. >>> Potential sensitive data was found in the email 550-5.7.1 and/or attachment >>> and your email server does not support TLS 550-5.7.1 encryption. Please use >>> and alternate method of delivery such as fax 550 5.7.1 or a different email >>> provider that supports TLS. - gcdp X.124 - gsmtp (in reply to end of DATA >>> command)) >>> >>> >>> What am I missing other than the suggested fax? >>> >>> ~Seth >>> >>> _______________________________________________ >>> mailop mailing list >>> mailop@mailop.org >>> https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop >>> >> >> _______________________________________________ >> mailop mailing list >> mailop@mailop.org >> https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop >> >> > > > _______________________________________________ > mailop mailing > listmailop@mailop.orghttps://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop > > > > > _______________________________________________ > mailop mailing list > mailop@mailop.org > https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop > >
_______________________________________________ mailop mailing list mailop@mailop.org https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
