[Cryptography] ISPs caught in STARTTLS downgrade attacks
dave at horsfall.org
Sat Nov 15 19:28:56 EST 2014
On Sat, 15 Nov 2014, Jerry Leichter wrote:

> I will grant you that if you encrypt your mail at rest in such a way
> that the server cannot access the plaintext, you're giving up the
> ability to do spam filtering and such on the server.

This is only true if you don't run your own server, and thus are
restricted to body-checks. Most of my spam is rejected on the connecting
IP alone, with only perhaps five per week at most getting as far as header

Naturally if the headers were encrypted then I would not be able to check
those (missing or malformed Message-ID etc), but I wouldn't expect
spammers to go as far as encrypting their junk for me, although it will
probably happen should encrypted email ever go mainstream.

For laughs, see www.horsfall.org/spamlog.pdf (100kB) for my spam summary
(the pink line -- I have a warped sense of humour -- is spam actually
delivered); note the need for a logarithmic scale.

Dave Horsfall DTM (VK2KFU) "Bliss is a MacBook with a FreeBSD server."
http://www.horsfall.org/spam.html (and check the home page whilst you're there)