On Mon, 27 Oct 2008, Carl S. Gutekunst wrote: > > FWIW, I've actually measured that. Each of Postini's outbound SMTP > relays connects to roughly 30,000 domains per day that claim TLS > support. Of those, about 50% use self-signed certs. (Certain "demo" > certs come up over and over.) Another 35% are CA signed, but contain > errors, like incomplete chains or expired certs. Of the 15% where the > certificate chain is valid, half don't match the MX name. So -- only 7% > to 8% of all MX domains that implement TLS do so correctly. Note that > Postini's outbound service is heavily biased towards B-to-B.
A useful survey, thanks. Did you check certificates against both the hostname and the mail domain? Tony. -- f.anthony.n.finch <[EMAIL PROTECTED]> http://dotat.at/ FITZROY: NORTH OR NORTHWEST 5 TO 7, PERHAPS GALE 8 LATER. ROUGH OR VERY ROUGH. RAIN OR SQUALLY SHOWERS. MODERATE OR GOOD.
