[liberationtech] The status of SMTP security in email communication infrastructures
Tom Ritter
tom at ritter.vg
Mon Aug 26 14:44:02 PDT 2013
Small notes right now:
- https://github.com/iSECPartners/sslyze SSLyze can test ciphers in StartTLS
- http://www.checktls.com/index.html is a sweet site testing servers one-by-one
- I documented a few a year and a half ago:
http://ritter.vg/blog-no_email_security.html
I think pinning will be critical:
- pin that this domain offers TLS
- pin that this domain offers TLS with a valid cert
- use DANE for SMTP
-tom
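
An added sketch of the first two pin levels listed in the message above; it is not part of the original post and not code from its author. The `Pin`, `Observation` and `check_and_update` names, the "defer" policy and the sample domains are assumptions made for illustration, and DANE lookups are left out.

```python
from dataclasses import dataclass
from enum import IntEnum

class Pin(IntEnum):
    NONE = 0        # nothing remembered about this domain
    TLS = 1         # "pin that this domain offers TLS"
    VALID_CERT = 2  # "pin that this domain offers TLS with a valid cert"

@dataclass(frozen=True)
class Observation:
    """What a sending MTA saw on one delivery attempt (constructed input)."""
    starttls_offered: bool
    cert_valid: bool  # chain and hostname verified; ignored without STARTTLS

def level_of(obs):
    """Map one observation onto the pin level it would justify."""
    if not obs.starttls_offered:
        return Pin.NONE
    return Pin.VALID_CERT if obs.cert_valid else Pin.TLS

def check_and_update(pins, domain, obs):
    """Return (decision, reason); the stored pin only ever ratchets upward."""
    pinned = pins.get(domain, Pin.NONE)
    seen = level_of(obs)
    if seen < pinned:
        # The domain offers less than it did before: treat it as a possible
        # downgrade (for example STARTTLS removed in transit) and hold the mail.
        reason = ("STARTTLS missing" if seen == Pin.NONE
                  else "certificate no longer valid")
        return "defer", f"{domain}: pinned {pinned.name}, {reason}"
    pins[domain] = seen
    return "deliver", f"{domain}: {seen.name}"

if __name__ == "__main__":
    pins = {}
    # Constructed sequence of delivery attempts to placeholder domains.
    attempts = [
        ("mail.example", Observation(True, True)),     # first contact, pin learned
        ("mail.example", Observation(False, False)),   # STARTTLS gone: deferred
        ("mail.example", Observation(True, False)),    # cert now invalid: deferred
        ("plain.example", Observation(False, False)),  # never offered TLS
    ]
    for domain, obs in attempts:
        print(check_and_update(pins, domain, obs))
```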