mailing list archives
Re: Web Tool Announcement: ismymailsecure.com
From: Holger Rabbach <hrabbach () crossroad-networks com>
Date: Wed, 25 Aug 2010 13:48:49 +0200
On 25/08/2010 11:30, Kari Hurtta wrote:
And because mail server name and email address does not need to be any
connection also checking of signature of certificate agaist CA does not
help much. It does not protect attack agaist MX records on DNS.
true - so in an ideal world, we would need DNSSec everywhere and strict
certificate checking to significantly reduce the possibility of MiTM
attacks. In a not so ideal world, every little bit helps, so if we can
get mail servers to routinely use encryption between each other, that's
a nice first step and using valid certificates that can actually be
verified is a second one. Both will help significantly already.