Uploaded image for project: 'Infrastructure'
  1. Infrastructure
  2. INFRA-11284

Consider forwarding mail with TLS

    XMLWordPrintableJSON

    Details

    • Project:
      Foundation

      Description

      GMail recently added a little padlock icon to received mail which indicates it received that email via an unsecured connection. This icon appears for email forwarded to GMail from my apache.org address, indicating ASF is not delivering traffic to the destination SMTP servers with TLS (presumably STARTTLS on port 25, but I don't see details) when possible. Presumably, this doesn't just affect GMail, but any destination server our apache.org mail is being forwarded to (not all of which will support TLS).

      While mailing list activity is generally public, some people may receive private, interpersonal, or sensitive email to their apache.org address (it's possible... I wouldn't recommend it, but you can't always control what you receive). At the very least, the mail headers, indicating the user's, potentially private, forwarding address is not safe-guarded.

      I would probably rate this personally as pretty low-risk, low-priority, but it might be worth considering using TLS, when possible, to deliver forwarded email.

      https://support.google.com/mail/answer/6330403
      https://www.google.com/transparencyreport/saferemail/faq/

        Attachments

        1. apacheencrypt.png
          53 kB
          Charles R Allen

          Issue Links

            Activity

              People

              • Assignee:
                cml Chris Lambertus
                Reporter:
                ctubbsii Christopher Tubbs
              • Votes:
                3 Vote for this issue
                Watchers:
                8 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Review Date: