[exim-announce] Exim, TLS, BEAST et al - security notes
(1) No SMTP-level encryption; the bulk of email today is sent like this, and so for security the sender should use an end-to-end system such as PGP or S/MIME.

(2) Encryption from a mail-client to the mail-server, for mail submission, typically on port 587 (or 465); some degree of identity verification is performed here and there's an assumption of security.

(3) Opportunistic encryption MX->MX, vulnerable to Man-in-the-middle attack because there is no defined idea of what the "identity" of a mail-server should be; that's a separate debate, but in short it's highly likely that if you're sending passwords in this mode, you're crazy.

(4) Encryption MX->MX by out-of-band established policy on identity verification.
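To make the difference between modes (3) and (4) concrete, here is an added illustration (not from the announcement or the Exim distribution) of how an Exim 4 configuration can route mail to one partner domain over a transport that refuses anything weaker than verified TLS, while everything else stays opportunistic. The domain `partner.example` and the CA bundle path are placeholders; the router and transport names are invented for this example.

```exim
# Mode (3): the default smtp transport. Exim offers STARTTLS whenever the
# peer advertises it, but falls back to cleartext if it does not, and the
# peer's certificate is not checked, so an active attacker on the path can
# strip or intercept the session.
remote_smtp:
  driver = smtp

# Mode (4): a transport reserved for a peer whose identity was agreed
# out of band. TLS is mandatory for every host reached through it, and the
# certificate must chain to the CA bundle we exchanged with the partner;
# a failed verification aborts the delivery attempt instead of degrading.
remote_smtp_verified:
  driver = smtp
  hosts_require_tls = *
  tls_verify_certificates = /etc/exim/partner-ca.pem   # placeholder path

# Routers are tried in order: the partner domain is pinned to the verified
# transport first, and all other domains fall through to the normal one.
begin routers

partner_verified:
  driver = dnslookup
  domains = partner.example
  transport = remote_smtp_verified
  no_more

dnslookup:
  driver = dnslookup
  domains = ! +local_domains
  transport = remote_smtp
  no_more
```

Note that this only pins the partner's MX to a trusted CA; whether the certificate's name should also be checked against the MX hostname is the "identity" question the announcement calls a separate debate, and older Exim releases do not do that hostname check for you.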