On 2021-01-06 20:10, Tim Bray via mailop wrote:
> My thoughts are `time for mail operators to pull their fingers out and
> upgrade`. Because we are really saying `upgrade to something less than
> 8 years old`

I fully agree. The state of TLS in the mail world is quite sad and it would be great if we could all agree on actually keeping our systems up to date...

The problem is that it's not a system that I or you control that needs updating, it's someone else's. And our business model is not "internet compliance police", it's providing a service that (among other things...) delivers emails that our customers want to send, and as long as the big giants in the industry are not the ones initiating this type of change, the reaction from customers whose mail we can't deliver will usually be one of "I don't care about security", "I'm just sending a picture of my cat so security doesn't matter for this particular mail" or "but (gmail|hotmail|yahoo) could send mails to this address perfectly fine so why can't you?"

The day gmail stops delivering to servers with legacy SSL I'll be happy to do the same.

On 2021-01-06 18:36, Brandon Long via mailop wrote:
> Does the above mean that it will fail DKIM keys less than 2048 will
> fail? That's likely the larger issue.

That's a good question. I don't handle any < 2048 bit DKIM keys on any Ubuntu 20.04 server (yet) so can't give an answer to that right away at least... But now I'm curious to test...

-- 
BR/Mvh. Dan Malm, Systems Engineer, One.com