this post was submitted on 07 Jun 2026
242 points (98.4% liked)

Technology

85208 readers
3938 users here now

This is a most excellent place for technology news and articles.

Our Rules

  1. Follow the lemmy.world rules.
  2. Only tech related news or articles.
  3. Be excellent to each other!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, this includes using AI responses and summaries. To ask if your bot can be added please contact a mod.
  9. Check for duplicates before posting, duplicates may be removed
  10. Accounts 7 days and younger will have their posts automatically removed.

Approved Bots

founded 3 years ago
MODERATORS
L3s@lemmy.world
enu@lemmy.world
technopagan@lemmy.world
L4s@lemmy.world
L3s@hackingne.ws
242
Fedora Linux 43 exposes 20-year-old Microsoft Outlook security failure (nerds.xyz)
submitted 1 day ago by nahostdeutschland@feddit.org to c/technology@lemmy.world
19 comments fedilink hide all child comments
you are viewing a single comment's thread
view the rest of the comments
[–] dan@upvote.au 1 points 18 hours ago

In my experience, no large business would decide to only accept encrypted inbound SMTP

For submission (connections coming from users that have an account on the server) or for relay/target (connections coming from other email clients)? All email clients support encryption so I think requiring encryption for submission is reasonable. Server-to-server (port 25) can't have it enforced though, like you said.

SMTP is one of the worst protocols I have ever seen so widely used

It's from a era where everyone trusted everyone else. All connections were unencrypted, spam protection and rate limiting weren't needed, and security really wasn't on people's minds. Modern security and spam protection is hacky because it's built on top of protocols that weren't designed for it.

The other major issue with old protocols is that they're stateful. Modern protocols are mostly stateless since it's generally easier to deal with. They've also had more and more features hacked into them over time, so the specs are enormous.

There's been one major attempt at modernizing it: JMAP. It's stateless, uses JSON, and intends to replace both IMAP and SMTP. FastMail started the project. https://jmap.io/why-jmap/

However, they've only looked at the "easier" part to replace: Communication between a user and their email server. They're not looking to replace server-to-server communication at all.