Monday, March 23, 2009

Test Mail Server For Inbound TLS

Do you really know who is at the other end of your email communication? Read about TLS.

Here's how to test if your server supports TLS:

At a command prompt, use nslookup to get the mail server for a domain (in this example, checking postini.com):

> nslookup
> set q=mx
> postini.com

The results have a line for each mail server like this:
postini.com MX preference = 5, mail exchanger = postini.com.s8a1.psmtp.com

> exit

Now use telnet to test the mail server above (the name after "mail exchanger =") to find out if it supports TLS:

> telnet postini.com.s8a1.psmtp.com 25

After you connect:

> ehlo postini.com

If you see this in the output, the server supports inbound TLS communication:

250-STARTTLS
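The same check scripted in Python, as an added example that is not part of the original post: a parser for the multi-line EHLO reply that decides whether STARTTLS is advertised, plus a live helper built on the standard library's smtplib that also completes the handshake with certificate verification, since a server can advertise STARTTLS and still fail the TLS setup. The sample reply and the example.test hostnames are constructed.

```python
import smtplib
import ssl

# Constructed sample EHLO reply in the multi-line form used by SMTP:
# "250-" marks a continuation line, "250 " (space) marks the last line.
SAMPLE_EHLO_REPLY = b"""250-mail.example.test Hello client.example.test
250-SIZE 35882577
250-8BITMIME
250-STARTTLS
250-ENHANCEDSTATUSCODES
250 SMTPUTF8"""


def parse_ehlo_extensions(reply: bytes) -> set:
    """Return the upper-cased extension keywords advertised in an EHLO reply.

    The first line is the server greeting (hostname plus free text) and is
    skipped; each later line is "250-KEYWORD [params]" or "250 KEYWORD".
    """
    lines = reply.decode("ascii", errors="replace").splitlines()
    extensions = set()
    for line in lines[1:]:
        if not line.startswith("250"):
            continue  # not part of a successful EHLO reply
        body = line[4:].strip()  # drop the "250-" or "250 " prefix
        if body:
            extensions.add(body.split()[0].upper())
    return extensions


def advertises_starttls(reply: bytes) -> bool:
    """True when the reply carries the 250-STARTTLS line the telnet test looks for."""
    return "STARTTLS" in parse_ehlo_extensions(reply)


def check_starttls(host: str, port: int = 25, timeout: float = 10.0) -> dict:
    """Live version of the telnet test: connect, EHLO, and if STARTTLS is
    advertised, finish the handshake with certificate verification so the
    result says whether TLS actually works, not just that it is offered."""
    result = {"advertised": False, "handshake_ok": False, "error": None}
    try:
        with smtplib.SMTP(host, port, timeout=timeout) as smtp:
            smtp.ehlo()
            result["advertised"] = smtp.has_extn("starttls")
            if result["advertised"]:
                smtp.starttls(context=ssl.create_default_context())
                result["handshake_ok"] = True
    except OSError as exc:  # covers socket, SSL and smtplib errors
        result["error"] = f"{type(exc).__name__}: {exc}"
    return result


if __name__ == "__main__":
    import sys
    target = sys.argv[1] if len(sys.argv) > 1 else "mail.example.test"  # placeholder
    print(check_starttls(target))
```

Run it with the mail exchanger name from the nslookup step as the argument; "advertised" mirrors the 250-STARTTLS check above, and "handshake_ok" adds whether the certificate validated.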

Unfortunately, a lot of mail companies support inbound but not outbound TLS. Yahoo, for example, supports sending mail using TLS; however, when I turned on end-to-end TLS enforcement, people using Yahoo could not send me email. That means email from them to me is never encrypted and is highly insecure.