> On Feb 12, 2018, at 9:05 PM, @lbutlr <krem...@kreme.com> wrote:
>> Compatability with the clients that only implement one?
> Are there any? It's been a long time since I saw someone using an old enough
> Outlook to require 465.
There's not much gain. If both the client and the server are misconfigured
on port 587, a client might send passwords and message content in the clear.
If at least one insists on TLS, and the server does not offer SASL auth prior
to TLS, there's no compelling reason for port 465. Hence the case for 465 is
not especially strong, but it now has "official" IETF blessing.
Nobody in the working group had strong enough objections to argue against
the authors' desire to make all the MUA protocols (IMAP, POP and submission)
look alike and support "implicit TLS". With MUAs mostly doing implicit TLS
for IMAP and POP, doing the same for SMTP submission looks better on paper.
So make your judgements about what this means to you. The main idea is to
require TLS, whether it is "implicit" or "STARTTLS" is rather secondary.