Why Aren’t Large Email Providers Supporting STARTTLS for SMTP?

Asked By CuriousTechie88 On

I've noticed something peculiar while working with server-to-server SMTP on port 25. My mail transfer agent (MTA) isn't seeing STARTTLS advertised or supported by large email providers like Gmail and iCloud. I've ensured that my server has the correct DNS records, PTR, and the EHLO hostname is set appropriately as a fully qualified domain name (FQDN). I couldn't find much info about this situation, but I stumbled upon a suggestion that it might be related to IP reputation. For example, when connecting to Gmail and iCloud's SMTP servers, I'm not getting any STARTTLS options. I know that TLS isn't mandatory, but I'm curious why these providers might choose not to advertise or support it based on IP reputation or if there are other factors at play. While I noticed they support TLS when connecting on port 587, that feels like a different situation. Any insights?

3 Answers

Answered By EmailExpert99 On

You might want to check out a site like CheckTLS to do some tests regarding TLS support. It’s a handy tool for diagnosing email-related issues, including whether TLS is functioning as expected on your setup. It can give you a better sense of what's going on with your MTA.
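The same check can be run locally from the MTA host. The following is an added example, not code from any poster in this thread: it parses a multi-line EHLO reply for the STARTTLS keyword and includes a live probe built on Python's `smtplib`. The sample replies are constructed, and `mx_host` and `ehlo_name` are placeholders you supply.

```python
import smtplib

# Constructed sample EHLO replies (not captured from any real provider).
SAMPLE_WITH_TLS = (
    "250-mx.example.net at your service\r\n"
    "250-SIZE 157286400\r\n"
    "250-8BITMIME\r\n"
    "250-STARTTLS\r\n"
    "250 SMTPUTF8\r\n"
)
SAMPLE_WITHOUT_TLS = (
    "250-mx.example.net at your service\r\n"
    "250-SIZE 157286400\r\n"
    "250 8BITMIME\r\n"
)


def parse_ehlo(reply):
    """Return (greeting, {KEYWORD: params}) from a raw multi-line EHLO reply."""
    lines = [l for l in reply.splitlines() if l.strip()]
    if not lines:
        raise ValueError("empty EHLO reply")
    texts = []
    for i, line in enumerate(lines):
        code, sep, text = line[:3], line[3:4], line[4:]
        last = i == len(lines) - 1
        # RFC 5321: every line but the last uses "250-", the last uses "250 ".
        if code != "250" or sep != (" " if last else "-"):
            raise ValueError(f"malformed EHLO line: {line!r}")
        texts.append(text)
    extensions = {}
    for text in texts[1:]:  # first line is the greeting, not an extension
        keyword, _, params = text.partition(" ")
        extensions[keyword.upper()] = params
    return texts[0], extensions


def advertises_starttls(reply):
    """True if the EHLO reply lists STARTTLS among its extensions."""
    return "STARTTLS" in parse_ehlo(reply)[1]


def probe(mx_host, ehlo_name, timeout=15):
    """Live check: connect to mx_host:25, send EHLO, return what was advertised."""
    with smtplib.SMTP(mx_host, 25, local_hostname=ehlo_name, timeout=timeout) as s:
        code, _ = s.ehlo()
        if code != 250:
            raise RuntimeError(f"EHLO rejected with code {code}")
        return sorted(s.esmtp_features), s.has_extn("starttls")
```

Running `probe()` from the MTA host and again from a host on a different network shows whether the missing keyword depends on where the connection comes from.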

Answered By PupAdviser On

I consulted with my trusty dog about this, and let's say the pup isn’t very impressed with LLM advice either. You should double-check facts instead of relying solely on AI suggestions. If it can't provide solid references, it's best to get clarity from knowledgeable sources in the community instead.

Answered By TechGuru42 On

It’s pretty common for big providers not to support STARTTLS for server-to-server communication. They often rely heavily on IP reputation. If they suspect an IP might be associated with spam or other malicious activities, they won't advertise STARTTLS as a security measure. It’s a bit of a safeguard they implement against potentially harmful traffic. As for port relevance, when you're doing MTA to MTA communication, it’s always expected to be on port 25, so they just might not prioritize encryption there.
