
Announcing STARTTLS Everywhere: Securing Hop-To-Hop Email Delivery - panarky
https://www.eff.org/deeplinks/2018/06/announcing-starttls-everywhere-securing-hop-hop-email-delivery
======
nwah1
Fantastic. This is why we should support the EFF.

------
parliament32
Very cool stuff. Unfortunately, can't really deploy verification on production
because of "WARNING: this is a pre-alpha codebase. Do not run it on production
mailservers!!!" in [https://github.com/EFForg/starttls-everywhere](https://github.com/EFForg/starttls-everywhere)

~~~
devereaux
You can do that right now if you close port 25 and just keep port 465.
However, you may miss some emails. The same will happen when the code is no
longer pre-alpha: as per the RFC, encryption is optional on ports 25 and 587.
Making it mandatory means some servers will not be able to talk to yours.

Port 465 is for SMTPS: SSL encryption is started automatically before any
SMTP-level communication.

Port 587 is for MSA: it is almost like the standard SMTP port. An MSA should
accept email after authentication (e.g. after SMTP AUTH). It helps to stop
outgoing spam when netmasters of DUL ranges can block outgoing connections to
the SMTP port (port 25). SSL encryption may be started by the STARTTLS command
at the SMTP level if the server supports it and your ISP does not filter the
server's EHLO reply (reported 2014).

cf [https://stackoverflow.com/questions/15796530/what-is-the-dif...](https://stackoverflow.com/questions/15796530/what-is-the-difference-between-ports-465-and-587)
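The port semantics described above, as an added example that is not part of the original thread or the EFF project: a small Python check that parses an SMTP EHLO reply and decides whether the connection can be upgraded, refusing cleartext when TLS is required (the case where a filtering ISP has overwritten the STARTTLS keyword). Host names and both EHLO replies are constructed samples.

```python
# Added example for the thread above, not code from the EFF project or the
# commenters. Both EHLO replies are constructed samples.
import re
from typing import Optional, Set

# Constructed: a normal EHLO reply advertising STARTTLS (RFC 3207).
EHLO_WITH_STARTTLS = (
    "250-mail.example.test Hello client.example.test\r\n"
    "250-SIZE 35882577\r\n"
    "250-STARTTLS\r\n"
    "250 ENHANCEDSTATUSCODES\r\n"
)
# Constructed: the same reply after a filtering middlebox overwrote the
# STARTTLS keyword, so the client never learns the server supports it.
EHLO_STRIPPED = EHLO_WITH_STARTTLS.replace("STARTTLS", "XXXXXXXX")

_LINE = re.compile(r"^250[ -](\S+)(?: .*)?$")


def ehlo_extensions(reply: str) -> Set[str]:
    """Return the uppercased EHLO keywords from a multi-line 250 reply.

    The first line carries the server's domain, not an extension; the rest
    use '250-' for continuation lines and '250 ' for the final line.
    """
    lines = [ln for ln in reply.split("\r\n") if ln]
    exts = set()
    for line in lines[1:]:
        m = _LINE.match(line)
        if not m:
            raise ValueError("malformed EHLO line: %r" % line)
        exts.add(m.group(1).upper())
    return exts


def tls_decision(port: int, reply: Optional[str], require_tls: bool) -> str:
    """Pick the transport using the port semantics described in the comment.

    465: TLS is negotiated before any SMTP traffic, so EHLO does not matter.
    25/587: TLS is possible only if EHLO advertises STARTTLS; if it is
    missing and require_tls is set, refuse rather than fall back to cleartext.
    """
    if port == 465:
        return "implicit-tls"
    if reply is not None and "STARTTLS" in ehlo_extensions(reply):
        return "starttls"
    return "refuse" if require_tls else "plaintext"
```

With `require_tls` off, the stripped reply silently degrades to `plaintext`, which is exactly the outcome the comment's "may miss some emails" trade-off is weighed against.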

