From: Matthias Leisi (no email)
Date: Thu Mar 01 2007 - 03:54:55 EST
> On Wed, Feb 28, 2007 at 01:15:28PM -1000, Ren? van den Berg wrote:
>
>> Can anybody provide me with a percentage of email that is sent
>> encrypted between mail servers.
>
> Which mail servers?
I did a survey of about 1'000 domains from my log last year (details at
[1], in german). Similar to a survey from the University of applied
sciences in Zurich in 2004 [2] (for actvie .ch and .li domains), I found
about 30% of the mailservers offer TLS -- for various values of "offering"
(certificates from home-grown or "well-known" CAs, CN [not] matching the
MX name etc).
More interesting than the number/ratio of mailservers would be the ratio
of mail volume (after spamfiltering for incoming messages, or generally
for outgoing), and this will highly depend on the usage pattern (eg retail
vs. business-to-business communication).
What such surveys are obviously not able to find out is to what degree the
use of TLS encryption and certificate verification is enforced by the
remote end (eg, will it let mail to example.com pass through even if the
certificate verification failed).
-- Matthias
[1] http://matthias.leisi.net/archives/156-TLS-Nutzung-Wer,-Wo,-Was.html
[2] Used to be at http://security.zhwin.ch/infoweek.pdf but this seems to
be gone; referenced in
http://matthias.leisi.net/archives/162-Mehr-TLS-Statistik.html (also in
german)
|
|
|