sbiewald (3775, 32d):
The problem with StartTLS goes even further: If certificates are validated, then they should match either the target domain, or the hostnames in the MX records.
Once you are a man in the middle, you can just change the MX records to your servers, and even with certificate validation of the mail server, you can now read the mails.
Anyway, we do have some methods against this:
- StartTLS everywhere, a list of mailservers that can always do TLS; there are e.g. plugins for mailservers
- DANE, a DNS entry with pinned certificates and StartTLS announcement; requires dnssec
- MTA-STS, which is a mix of DNS and a policy delivered per HTTPS, to announce permanent availability of StartTLS, including MX record pinning. Once a sending mailserver sees a policy, it stores the policy until it expires.
The problem isn't IMAP and SMTP. The problem is that they were good enough to not get replaced.
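The MX record pinning described above, as an added illustration that is not code from the thread: a minimal MTA-STS policy parser and MX check in the shape of RFC 8461. The policy text and the MX answer are constructed sample data, and the domain names are placeholders.

```python
def parse_mta_sts_policy(text: str) -> dict:
    """Parse the key/value policy file into a dict with an 'mx' list."""
    policy = {"mx": []}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if not sep:
            continue  # skip blank or malformed lines
        key, value = key.strip(), value.strip()
        if key == "mx":
            policy["mx"].append(value.lower())
        else:
            policy[key] = value
    policy["max_age"] = int(policy.get("max_age", 0))  # seconds to cache the policy
    return policy

def mx_matches(pattern: str, host: str) -> bool:
    """RFC 8461 MX patterns: exact host, or '*.example.com' matching exactly
    one leading label (sub.example.com, not a.b.example.com or example.com)."""
    host = host.lower().rstrip(".")
    if pattern.startswith("*."):
        suffix = pattern[1:]              # ".example.com"
        rest = host[: -len(suffix)]
        return host.endswith(suffix) and rest != "" and "." not in rest
    return host == pattern

def check_mx_records(policy: dict, mx_hosts: list) -> dict:
    """Split the MX answer into pinned hosts and hosts the policy does not
    list; in 'enforce' mode the sender must not deliver to the rejected ones."""
    allowed = [h for h in mx_hosts if any(mx_matches(p, h) for p in policy["mx"])]
    rejected = [h for h in mx_hosts if h not in allowed]
    return {"mode": policy.get("mode"), "allowed": allowed, "rejected": rejected}

# Constructed sample policy; a real sender fetches it over HTTPS from
# https://mta-sts.example.com/.well-known/mta-sts.txt and caches it for max_age.
SAMPLE_POLICY = """version: STSv1
mode: enforce
mx: mx1.example.com
mx: *.backup.example.com
max_age: 604800
"""

# Constructed MX answer: the two legitimate hosts plus one that a tampered DNS
# reply might add; the pinned list exposes it even when DNSSEC is absent.
SAMPLE_MX = ["mx1.example.com", "mx2.backup.example.com", "mx.rogue.example"]

if __name__ == "__main__":
    print(check_mx_records(parse_mta_sts_policy(SAMPLE_POLICY), SAMPLE_MX))
```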
PressTitude (5931, 31d):
I read your post, but honestly I didn't understand 90% of it!
If you know and like this stuff, and have problems with current technology, why don't you create your own protocol?
Condor (34211, 29d):
@115105109 I'm still trying to understand email myself honestly. I can send emails via nc and it's often done for troubleshooting, but there's so much more to email than just those basic emails. In fact that's something that annoys me about email, the protocol has been made so damn complicated with extension after extension. But there's also a reason for that, and government mail servers that don't do TLS showcase that quite well. Email has not been designed with futureproofing in mind. So extensions are made all the time to make this trainwreck of a protocol work somewhat quarter-ass decent.
Everyone that runs a mail server regrets and hates running a mail server, to the point where I'd actually consider it a metric to determine who has run a mail server and who hasn't. But replacing it.. while we all want to, we all know that compatibility is not in our favor. It's hard to make an extension and make people adopt it, and it's gonna be even harder to make people use a new protocol.
sbiewald (3775, 29d):
@Condor I disagree with you and certainly do not regret running a mail server.
Sure, some extensions are quite... messy but almost always I use one of authentication, StartTLS, UTF-8 and delivery notifications.
And government servers not supporting TLS... They are always years behind current development, and what was a few years ago? Even many mail providers did not support TLS. Just because they are too idiotic to configure TLS as they would do for any other application using TLS does not show that SMTP is complicated.
On the contrary, while I find SMTP a bit verbose, it is human readable and can even be performed by a human, if needed.
Condor (34211, 29d):
@sbiewald well yeah I guess there are exceptions to that, just many people that I talked to or started setting up a mail server of their own recently absolutely hated it. Though eventually I guess it becomes more and more familiar and less annoying to work with mail servers. And when they work they're awesome of course.
TLS might not have been ideal as an example, though STARTTLS definitely was one of the extensions of otherwise plain email. And it was poorly done IMO, there are much better implementations in other protocols. Maybe it's indeed just government stuff with TLS but I find it super annoying that I have to bend myself like a pretzel to support every other mail server that doesn't support this or that feature.
The SMTP protocol can indeed be performed by humans and that's awesome, but so can many other protocols. Retrieving a web page is also as simple as "GET /webpage.html" (HTTP/1.1 seemingly optional).