[Cryptography] ISPs caught in STARTTLS downgrade attacks

Dave Horsfall dave at horsfall.org
Sat Nov 15 19:28:56 EST 2014

On Sat, 15 Nov 2014, Jerry Leichter wrote:

> I will grant you that if you encrypt your mail at rest in such a way 
> that the server cannot access the plaintext, you're giving up the 
> ability to do spam filtering and such on the server.

This is only true if you don't run your own server, and thus are 
restricted to body-checks.  Most of my spam is rejected on the connecting 
IP alone, with only perhaps five per week at most getting as far as header 

Naturally if the headers were encrypted then I would not be able to check 
those (missing or malformed Message-ID etc), but I wouldn't expect 
spammers to go as far as encrypting their junk for me, although it will 
probably happen should encrypted email ever go mainstream.

For laughs, see www.horsfall.org/spamlog.pdf (100kB) for my spam summary 
(the pink line -- I have a warped sense of humour -- is spam actually 
delivered); note the need for a logarithmic scale.

Dave Horsfall DTM (VK2KFU)  "Bliss is a MacBook with a FreeBSD server."
http://www.horsfall.org/spam.html (and check the home page whilst you're there)

More information about the cryptography mailing list