Small notes right now:
- https://github.com/iSECPartners/sslyze SSLyze can test ciphers in StartTLS
- http://www.checktls.com/index.html is a sweet site testing servers one-by-one
- I documented a few a year and a half ago: http://ritter.vg/blog-no_email_security.html

I think pinning will be critical:
- pin that this domain offers TLS
- pin that this domain offers TLS with a valid cert
- use DANE for SMTP

-tom
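
The first two pins listed in the message above, sketched as an added example that is not part of the original post: a sending MTA remembers the strongest STARTTLS state each domain has shown and refuses delivery when a later attempt is weaker. `PinStore`, `observed_level`, the expiry window and the EHLO replies are assumptions made for illustration; DANE is not covered.

```python
import time
from enum import IntEnum

class Level(IntEnum):
    PLAINTEXT = 0        # server did not advertise STARTTLS
    TLS = 1              # STARTTLS offered, certificate not validated
    TLS_VALID_CERT = 2   # STARTTLS offered and the certificate validated

def observed_level(ehlo_reply, cert_valid):
    """Classify one delivery attempt from the EHLO reply and the cert check result."""
    caps = set()
    for line in ehlo_reply.splitlines()[1:]:   # first line is the greeting, not a capability
        words = line[4:].split()
        if line[:3] == "250" and words:
            caps.add(words[0].upper())
    if "STARTTLS" not in caps:
        return Level.PLAINTEXT
    return Level.TLS_VALID_CERT if cert_valid else Level.TLS

class PinStore:
    """Hypothetical store: remembers the strongest level seen per domain."""
    def __init__(self, max_age=30 * 86400):    # assumed expiry, not from the post
        self.max_age = max_age
        self.pins = {}                         # domain -> (Level, last confirmed, epoch seconds)

    def decide(self, domain, level, now=None):
        now = time.time() if now is None else now
        pinned, seen = self.pins.get(domain, (Level.PLAINTEXT, now))
        if now - seen > self.max_age:
            pinned = Level.PLAINTEXT           # stale pin is no longer enforced
        if level < pinned:
            return "refuse"                    # weaker than the pin: hold the mail, keep the pin
        self.pins[domain] = (level, now)       # equal or stronger: ratchet up and refresh
        return "deliver"

# Constructed EHLO replies: the second has the STARTTLS line removed.
EHLO_WITH_TLS = "250-mx.example.org\r\n250-SIZE 35882577\r\n250-STARTTLS\r\n250 8BITMIME"
EHLO_STRIPPED = "250-mx.example.org\r\n250-SIZE 35882577\r\n250 8BITMIME"

if __name__ == "__main__":
    store = PinStore()
    for reply, ok in [(EHLO_WITH_TLS, True), (EHLO_STRIPPED, False), (EHLO_WITH_TLS, False)]:
        print(store.decide("example.org", observed_level(reply, ok)))
```

A refused message would normally be queued and retried rather than bounced, so a transient misconfiguration on the receiving side does not lose mail.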
