this post was submitted on 07 Jun 2026
183 points (97.9% liked)
Technology
85208 readers
3496 users here now
This is a most excellent place for technology news and articles.
Our Rules
- Follow the lemmy.world rules.
- Only tech related news or articles.
- Be excellent to each other!
- Mod approved content bots can post up to 10 articles per day.
- Threads asking for personal tech support may be deleted.
- Politics threads may be removed.
- No memes allowed as posts, OK to post as comments.
- Only approved bots from the list below, this includes using AI responses and summaries. To ask if your bot can be added please contact a mod.
- Check for duplicates before posting, duplicates may be removed
- Accounts 7 days and younger will have their posts automatically removed.
Approved Bots
founded 3 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
In my experience, no large business would decide to only accept encrypted inbound SMTP. So as usual with SMTP you try to handle the worst clients sending you mail with nothing security wise (no DKIM, no SPF, no TLS) and still try to filter all the spam out of it and that's about it.
And I acknowledge the effort from google to push the security to get better but even then nobody wants to accept to miss a few dirty emails for the sake of security.
The stance is unfortunately to never be the one refusing emails even when they are absolutely and completely unsecured. It really sucked being an admin on that kind of systems. SMTP is one of the worst protocols I have ever seen so widely used and there is still this idea that you should accept mail even when they dont fully respect the basic security requirements Gmail has made mandatory.
Most of the time the higher ups didn't seem to care about the confidentiality of mails received.