Hacker News new | past | comments | ask | show | jobs | submit login

I think most SMTP use STARTTLS with preetablished TCP connection..



Not sure about real-world statistics, but the current IETF position is that SMTP STARTTLS for mail submission (not transport) is to be phased out in favour of “implicit” SMTP-over-TLS with no cleartext portion, due in part to the former being an implementation minefield[1].

[1] https://datatracker.ietf.org/doc/html/rfc8314#appendix-A


Recent submission https://news.ycombinator.com/item?id=34736416


There's a big push to use implicit TLS with SMTP, instead of STARTTLS. Here's a post about that:

https://blog.apnic.net/2021/11/18/vulnerabilities-show-why-s...




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: