>> On 7/13/2007 11:04 AM, arni wrote:
>> > From large providers i sometimes recieve messages through encrypted
>> > smtp, the header looks smth like this (qmail):
>> >
>> > ... with (AES256-SHA encrypted) SMTP; ...
>> >
>> >
>> > Would it be a good idea to give a minimal negative score on this -0.1 or
>> > -0.2 if this happens on the last hop? - It proves that the sending smtp
>> > server is very protocol sane, which spambots are usually not.


Hi Eric,

probably the sending mail server does not use a cert in this case, only the
destination one
A while ago I needed to test ssl sending, and it was not really a big deal to create
a perl script to send ssl mails. From the point of spammers using zombie'd computers,
the extra cpu time to do the ssl is no concern either. So in case there is a commonly
available ssl package (or it is not too big to download), I would expect the bad guys
to learn starttls pretty fast

Wolfgang Hamann

>> It's a good idea to look at last-hop transfer and see if it used STARTTLS,
>> if the certificate was valid, etc., and is something I've got on my to-do
>> list for future development.
>> The big problem is that there is no real standard and every MTA records
>> the details differently.
>> --
>> Eric A. Hall http://www.ehsco.com/
>> Internet Core Protocols http://www.oreilly.com/catalog/coreprot/