OT - TLS question
J.Ede at birchenallhowden.co.uk
Fri Sep 25 08:27:31 IST 2009
> That was sort of my original question - should I use TLS at all?
> The only harm is that they'll be on someone else's network broadcasting
> their passwords. I think most sites set up a server just for this
> "roaming" network traffic and use TLS as a SmartHost type setup. Our
> manager decided we didn't need that extra hardware. It'd only matter to
> people who had their clients set up to use TLS anyway. I know
> Thunderbird defaults to "use it if they offer it", but not sure how
> other clients do it.
> Anyway, thanks for the input.
We moved to TLS as a requirement for all our outgoing email a year or so back using a proper SSL (didn't cost much at all) mainly to stop passwords being broadcast in the clear and to try and reduce the chance of a compromise. It hasn't caused many problems as we didn't enforce TLS for a while and gave our clients plenty of notification of moving to requiring TLS and then chased up those that didn't make the switch before enforcing the requirement. We have the luxury of having all our outgoing email going through different servers from our inbound email which makes life much easier.
More information about the MailScanner