On Sat, Oct 18, 2025 at 06:14:03PM +0100, Andrew C Aitchison via mailop wrote:
> How much trust should we put in the not-before date of a self-signed
> certificate?

None. For reputation based on how long a client domain has been around,
one would need to maintain a history of client connections, and assign a
small positive score to clients that have been connecting for months or
years, and have managed to stay clean. A reputation service may be able
to curate this sort of data.

Client certificates could also be used to beef up trust in ARC
signatures. All that said, the use case for SMTP client certificates is
not presently very compelling; that could change some day, but for the
foreseeable future SMTP client certificates will remain niche.

--
Viktor. 🇺🇦 Glory to Ukraine!
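
The approach described in the reply above, scoring a client from locally observed connection history instead of the certificate's self-asserted not-before date, as an added example that is not part of the original message. Keying on a SHA-256 digest of the client's public key, the 90-day gap limit, the one-year ramp and the 1.0 cap are all assumptions, and the key bytes used with it are constructed.

```python
import hashlib
from dataclasses import dataclass
from datetime import datetime, timedelta


@dataclass
class ClientRecord:
    first_seen: datetime   # set by the receiver, never read from the cert
    last_seen: datetime
    abuse_reports: int = 0


class ClientHistory:
    """Receiver-side history of TLS client keys (hypothetical helper)."""
    MAX_BONUS = 1.0                  # assumed cap: a small positive score
    FULL_AGE = timedelta(days=365)   # assumed: full bonus after a clean year
    MAX_GAP = timedelta(days=90)     # assumed: longer silence restarts the clock

    def __init__(self):
        self.records = {}

    @staticmethod
    def key_id(spki_der: bytes) -> str:
        # With a self-signed certificate only possession of the key is proven;
        # names and validity dates are whatever the client chose to write.
        return hashlib.sha256(spki_der).hexdigest()

    def observe(self, spki_der: bytes, now: datetime, abusive: bool = False):
        kid = self.key_id(spki_der)
        rec = self.records.get(kid)
        if rec is None:
            rec = self.records[kid] = ClientRecord(first_seen=now, last_seen=now)
        elif now - rec.last_seen > self.MAX_GAP:
            rec.first_seen = now     # continuity broken; abuse count is kept
        rec.last_seen = now
        if abusive:
            rec.abuse_reports += 1

    def score(self, spki_der: bytes, now: datetime) -> float:
        rec = self.records.get(self.key_id(spki_der))
        if rec is None or rec.abuse_reports:
            return 0.0               # unknown or not clean: no bonus
        if now - rec.last_seen > self.MAX_GAP:
            return 0.0               # history too stale to count
        age = rec.last_seen - rec.first_seen
        return self.MAX_BONUS * min(age / self.FULL_AGE, 1.0)
```

A key seen for the first time scores 0.0 whatever its certificate claims, and the bonus only grows through repeated clean connections that the receiver itself recorded.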