[ Date Index ] [ Thread Index ] [ <= Previous by date / thread ] [ Next by date / thread => ]
> On 20 Feb 2018, at 20:10, Joseph Bennie <jay@xxxxxxxxxxx> wrote: > > really the best email solution is gmail business. set it up, set your mx records > job done. any retort about email security is moot. email transmits in plain text. > ie its readable in transit. The only secure email is the one not sent. Whilst I generally agree most (>88% at Google) email is at least opportunistically encrypted on the wire. Email is still hideously insecure in general. But most mail clients complain if submissions are not encrypted correctly. Most servers are opportunistically encrypting. At $DAYJOB we have taken to enforcing TLS when sending to any regular correspondents whose mail server has 100% correct TLS config e.g. valid trusted certificates with the right name, and it is yet to cause any(!) issues. I really need to automate this.... We use Gmail for this, and Iâm skeptical how many senders make the same change their end (sad face), but if they do then hopefully gmail is high on their list of destinations to protect. The argument being that if their email server is 100% correct they clearly have professional email management and will likely keep it that way. Some of the organisations still living in the dark ages of self signed email certificates are âsurprisingâ. Sure you can still own a domainâs DNS get some free certs and proxy their email server. But there are few protocols resistant to that level of attack*, and even fewer people use the relevant features of those protocols to stop such attacks. Although a surprising amount of the Internetâs traffic is so protected, mostly thanks to Google doing the right thing on their own properties. * Plug: if you need a comms system resistant to those sorts of attack, if you have budget, if you can find us.... -- The Mailing List for the Devon & Cornwall LUG https://mailman.dclug.org.uk/listinfo/list FAQ: http://www.dcglug.org.uk/listfaq