My main question would be: what do you hope to gain? There are some legit senders who still use non-encrypted mail. And as long as we don't want to take on the tedious task of educating those senders or convincing our users that they don't want to get mail from those senders, we need to allow it. Disabling support for less secure transport encryption protocols doesn't increase security if the senders can then switch to unencrypted transport as a fallback.
If you're Google or Microsoft, you might be able to pull that off. Otherwise it only works if your users are willing to live with the consequences. FWIW, rejecting unencrypted connections also does reduce the amount of spam a little bit, but it's almost unnoticeable in my experience.

Cheers,
Hans-Martin

3 August 2022 13:34, "Sidsel Jensen via mailop" <mailop@mailop.org> wrote:

Hi MailOps,

We were having a discussion on the possibility to disable TLS 1.0 and 1.1 for MTA to MTA communication, and based on the numbers we've seen so far, it doesn't look that far-fetched.

What's the common consensus in the mail community about this currently?

It's already been disabled for our customers towards e.g. IMAP and SMTP, and we all agree those pesky old versions should be phased out, sooner rather than later, but have you also disabled it for MTA to MTA communication as well or are you still considering it? And what scenarios are currently holding you back?

And what about PLAIN - do you still allow that as the fallback option or are you also considering disabling that?

I'm looking forward to reading your replies :-)

Kind Regards,
Sidsel Jensen
Architect of Deliverability and Abuse @ Open-Xchange
_______________________________________________
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop