On Fri, Jan 13, 2017 at 06:35:43AM -0800, Alice Wonder wrote:
> I run a mail server with a public MX that refuses insecure connections.
If you're willing to not receive mail from a considerable number
of legitimate non-TLS sending domains, then yes, you can insist
on TLS, then yes, you can insist on TLS.
> Yes it technically breaks the RFC but it also gets far far far far less spam
> than any other public MX server I run.
Less mail => less spam. All my spam arrives via TLS (419 scams
sent via one of the large free mailbox providers), and there even
appears to a large Brazilian snowshoe spam operation whose domains
have DANE TLSA records.
The correlation between lack of TLS support and spam is not very
strong. What works well enough for you is unlikely to work well
for most users.
--
Viktor.
