On Wed, Mar 25, 2015 at 12:56 AM, Andrew Kay <[email protected]> wrote: > Until a few years ago, I imported all mail via POP3. This stopped when > Google decided that self-signed certificates were less secure than no > encryption at all (how does this make sense?). At that time, Google > employees advised users either to get an SSL certificate signed by a trusted > CA, or have email forwarded from the external server.
Connecting in the clear to a POP3 server is your risk but why should Google allow encrypted connections to hosts with a self-signed certificate? As you say, this is a family member providing you with an email account, no doubt associated with a domain you own, for free. That is directly competing with what Google sells. > So for the last few years, I've had my email forwarded from there with no > problem. Then tonight I am told by my close family member that my emails > will no longer be forwarded, because Gmail is rate-limiting all mail sent by > that server, because some of the emails I get forwarded are spam. To make > matters worse, Gmail is apparently doing this in at least one instance by > silently dropping messages while still indicating that the mail has been > accepted. If I were Google I would ask the question "why should I accept emails from an MX host that is forwarding them on when so many of them contain Spam? Why is that host not filtering out the Spam?". I too have my own VPS and forward email for some of my domains from there and I have never (yet) been rate-limited or had messages not arrive. I do maintain the virus scanner and Spam filter and it's a fair amount of work. > So as far as I can tell, Google's official policy is: > > Sending passwords in cleartext is better than trusting a certificate signed > by your close family member, because at least you know that cleartext is > insecure. > If you want to not do that, then you must either convince the server admin > to buy an SSL certificate so that you can read your email more conveniently, > or > Convince the server admin to forward all your email along, risking their > server's reputation and potentially interrupting normal use of their service > by other users Again, Google is in the business of selling Apps for Business. You are effectively trying to bypass the email part and still use free Gmail to send/receive email for your domain. If your family member is providing email as a service to others, then he really should be using a proper certificate. > The obvious solution would just be to let me approve a particular > self-signed certificate. I am not the first person to ask for this option. > But in any case, following Google's advice to have email forwarded along > should certainly not result in mail being silently dropped, let alone other > people's mail... The obvious solution for you yes, but not for Google. They are protecting themselves from every Joe out there forwarding mail from their VPS without adequate spam/virus protection, and protecting their business model. I'm sure it's only a matter of time until they stop all unencrypted connections too. -- Marko -- You received this message because you are subscribed to the Google Groups "Gmail-Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. Visit this group at http://groups.google.com/group/gmail-users. For more options, visit https://groups.google.com/d/optout.
