Skip to Content [alt-c]
In reply to Comment by Reader Charles
If by "SMTP client" you mean a mail user agent (MUA) like Thunderbird, Mail.app, Outlook, etc., then I think the popular ones probably do it correctly. I'd be concerned about less popular ones that have received less scrutiny.
If by "SMTP client" you mean a mail transfer agent (MTA) that's sending mail server-to-server, then they intentionally allow downgrades, because not all MTAs accept mail over TLS. Since this is intentional and currently unavoidable, I'm not really talking about this case. I'm more concerned with the client to server scenario which is virtually always expected to be secure.
Reply
Your comment will be public. To contact me privately, email me. Please keep your comment polite, on-topic, and comprehensible. Your comment may be held for moderation before being published.
Your Name: (Optional; will be published)
Your Email Address: (Optional; will not be published)
Your Website: (Optional; will be published)
>
monospaced
Post a Reply
Your comment will be public. To contact me privately, email me. Please keep your comment polite, on-topic, and comprehensible. Your comment may be held for moderation before being published.