3 May 2019, 08:11 AM   #5
snappy
Even if the Australian government can compel Fastmail to install a backdoor to exfiltrate secured SMTP traffic, they probably wouldn't go to that length. But at the same time you shouldn't dismiss the "worst case scenario," because at some point in history mass surveillance on the Internet was considered hysteria/conspiracy theory territory, which was unequivocally proved wrong.


In any case, MTA-STS is an improvement over the current posture of SMTP TLS interconnect by adding a stronger element of trust/authentication. It mitigates the threat of bad actors and MITM attacks for fairly negligible overhead/cost. There's probably never really been an attack in the wild of a rogue SMTP server masquerading as a legitimate entity, but it's just another way to keep servers/systems honest.

To me, it's a no-brainer: implement it. Probably not that important to expedite, though.