Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

We agree that there is no magic that makes TLS work for SMTP servers that don't support TLS.


So is your logic basically that even if most SMTP is unencrypted, that doesn't affect most Gmail because most Gmail is sent between Gmail accounts? If that isn't your logic, and we discount internal mail, I cannot understand how the majority of mail originating or terminating at Google would be encrypted, provided the claim that most SMTP is unencrypted is also true. Further pedantry, SSL can be used instead of TLS.


SMTP between Google Mail and any server that supports TLS SMTP is encrypted. We seem to have identified one case --- inbound SMTP to a Yahoo MX --- where that TLS connection does't happen.

SSL and TLS are for the purposes of this discussion the same thing; the distinction between the two is actually less important in SMTP than it is with HTTP.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: