On Fri, Feb 27, 2026 at 12:27 AM John R Levine <[email protected]> wrote:
>
> > Starttls, in both SMTP and IMAP, can be mitm'd (injection of refusal). We
> > should not be using them any more.
>
> Not for SMTP if you use MTA-STS or DANE TLSA.
>
> In any event, in SMTP the only alternative to STARTTLS is not to use
> STARTTLS, which I don't think anyone would say was an improvement.
There's also SMTP over implicit TLS , defined in section 3.3 of RFC
8314 - admittedly only a proposed standard, from 2018.
--
Francesco Chemolli
