[Ach] Fwd: E-Mail Protocol Security Measurements

micah micah at riseup.net
Tue Jul 28 21:21:54 CEST 2015


Aaron Zauner <azet at azet.org> writes:

>> Maybe you should have a look at how many of the servers that support
>> SMTPS do not support STARTTLS on port 25 (MTA) or 287 (MSA)? Or put
>> differently: Is there still any valid reason to offer 465? According to
>> my limited experience there isn't. But OTOH I do not run a big mail
>> provider.
>
> 465 has been deprecated by IANA back a long time ago ('98 if I remember
> correctly). You should use 587.
>
> Implicit TLS is still a better choice than STARTTLS in my opinion
> (stripping, filtering..).

I don't understand why both XMPP and SMTP decided to go the route of
deprecating tls-wrapped options and instead only do STARTTLS. This seems
like a wrong approach.

Even though 465 was deprecated by the IANA a long time ago, it's still
widely used for wrapped TLS. In fact, I use it for that purpose because
I don't want to support a downgrade attack STARTTLS option.
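
The downgrade concern raised in this thread, as an added example that is not part of the original messages: a client-side check that parses the EHLO reply and shows how an opportunistic client falls back to plaintext when the STARTTLS keyword is missing, while a client that requires TLS aborts. The function names and the sample replies are constructed for illustration.

```python
# Constructed EHLO replies (sample data, not captured traffic).
EHLO_INTACT = (
    "250-mail.example.org\r\n"
    "250-PIPELINING\r\n"
    "250-SIZE 10240000\r\n"
    "250-STARTTLS\r\n"
    "250 8BITMIME\r\n"
)
# Same reply as seen by the client after the STARTTLS keyword was
# overwritten in transit (the masked keyword is constructed).
EHLO_STRIPPED = EHLO_INTACT.replace("250-STARTTLS", "250-XXXXXXXX")


def parse_ehlo(reply: str) -> set:
    """Return the upper-cased extension keywords of a multi-line 250 reply."""
    keywords = set()
    for index, line in enumerate(reply.splitlines()):
        if len(line) < 4 or line[:3] != "250" or line[3] not in "- ":
            raise ValueError("not a 250 reply line: %r" % line)
        if index == 0:
            continue  # first line carries the server name, not an extension
        text = line[4:].strip()
        if text:
            keywords.add(text.split()[0].upper())
    return keywords


def next_action(reply: str, require_tls: bool) -> str:
    """Decide what the client does after EHLO on a cleartext connection."""
    if "STARTTLS" in parse_ehlo(reply):
        return "STARTTLS"
    # Keyword absent: the server may not offer it, or it was removed in
    # transit. The client cannot tell the two cases apart.
    return "ABORT" if require_tls else "PLAINTEXT"


if __name__ == "__main__":
    for name, reply in (("intact", EHLO_INTACT), ("stripped", EHLO_STRIPPED)):
        for require_tls in (False, True):
            print(name, "require_tls=%s" % require_tls, "->",
                  next_action(reply, require_tls))
```

With implicit TLS the handshake happens before any SMTP line is exchanged, so there is no cleartext capability list for this check to depend on.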


