On 13.03.2024 at 18:25 Kai Bojens via mailop wrote: > On 2024-03-13 00:09, Andrew C Aitchison via mailop wrote: >> Given that the advice for SMTP is often to allow tls 1.0 and 1.1, >> rather than have it revert to unencrypted, this will is something to >> watch out for.
> TLS 1.0/1.1 have been deprecated in March 2021 (RFC 8996). Systems that > are unable to use TLS 1.2/1.3 had not been updated for at least 8-10 > years. I don't see why I should accept mails from these hosts. In fact > since we stopped accepting TLS 1.0/1.1 we have also reduced the number > of spam delivery attempts as these hosts are almost always on of these > old and never updated hosts … The majority of messages which we receive over TLS 1.0 or 1.1 is not spam. Actually TLS 1.1 has a smaller share than 1.0, it seems most systems that support 1.1 also support 1.2. I can't really tell from the outside why those systems are using old TLS versions, some possible reasons might be: - expired maintenance so they cannot update their appliance - software that is written in programming languages which do not natively support TLS 1.2 like Java 6 - or most probably because they are located in parts of the world where they have other problems than the TLS version in use. In fact most of those messages do not originate from sources in Western Europe or North America. If we disable TLS 1.0 those messages will be transmitted in clear text or not at all instead of securely encrypted. Precisely from a security perspective this would be a disservice to our users. -- BR Oliver ________________________________ dmTECH GmbH Am dm-Platz 1, 76227 Karlsruhe * Postfach 10 02 34, 76232 Karlsruhe Telefon 0721 5592-2500 Telefax 0721 5592-2777 dmt...@dm.de<mailto:dmt...@dm.de> * www.dmTECH.de<http://www.dmtech.de> GmbH: Sitz Karlsruhe, Registergericht Mannheim, HRB 104927 Geschäftsführer: Christoph Werner, Martin Dallmeier, Roman Melcher ________________________________ Datenschutzrechtliche Informationen Wenn Sie mit uns in Kontakt treten, beispielsweise wenn Sie an unser ServiceCenter Fragen haben, bei uns einkaufen oder unser dialogicum in Karlsruhe besuchen, mit uns in einer geschäftlichen Verbindung stehen oder sich bei uns bewerben, verarbeiten wir personenbezogene Daten. Informationen unter anderem zu den konkreten Datenverarbeitungen, Löschfristen, Ihren Rechten sowie die Kontaktdaten unserer Datenschutzbeauftragten finden Sie hier<https://www.dm.de/datenschutzerklaerung-kommunikation-mit-externen-493832>. _______________________________________________ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop