Tutorial - Testing Mail Protocols with SSL/TLS

STARTTLS and Why It’s Significant

One of the things that will catch out many people coming from the web world is the concept of STARTTLS.

If you are used to things being either secure or insecure, you may wonder whether you can have a mix of both, and why you would. Both are explained in the Fastmail link above, so I am not going to worry about the theory.

Let’s do some testing.

Having a look at Google’s SMTP service, we can see port 25 is open. We know that Google is pretty good about security, so we can assume that they won’t let people connect with insecure protocols.


However, this doesn’t seem to be the case, as we have a session and we can type things into it.

Now let’s see what happens when we try to use the AUTH LOGIN command (how SMTP logs you in).

The error message says we need to run the STARTTLS command first (which we do).


And after a while you will get disconnected.

The key takeaway: while we can connect insecurely, we are limited in what we can do until we tell the server to start using a secure connection.

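The manual check above can be scripted. This is an added example, not part of the original tutorial: it reads the extensions a server lists in its EHLO reply and flags a server that offers no STARTTLS or that offers AUTH before the upgrade. The function names are hypothetical and the sample EHLO replies are constructed.

```python
import smtplib
import ssl

# Constructed EHLO replies for illustration (not captured from a real server).
GOOD = "250-mx.example.test at your service\n250-SIZE 35882577\n250-STARTTLS\n250 8BITMIME"
WEAK = "250-mail.example.test\n250-AUTH LOGIN PLAIN\n250 8BITMIME"

def ehlo_keywords(reply: str) -> set:
    """ESMTP keywords from a raw EHLO reply, as pasted from a telnet session."""
    words = set()
    for line in reply.splitlines()[1:]:  # the first line is the greeting
        parts = line[4:].split()
        if line[:3] == "250" and line[3:4] in ("-", " ") and parts:
            # Some servers use the legacy "AUTH=LOGIN" form; keep only the keyword.
            words.add(parts[0].upper().split("=")[0])
    return words

def assess(pre_tls: set, post_tls=None) -> list:
    """Findings from the extensions seen before and (optionally) after STARTTLS."""
    findings = []
    if "STARTTLS" not in pre_tls:
        findings.append("no STARTTLS offered: the session cannot be upgraded")
    if "AUTH" in pre_tls:
        findings.append("AUTH offered before TLS: credentials could cross in cleartext")
    if post_tls is not None and "STARTTLS" in post_tls:
        findings.append("STARTTLS still advertised after the upgrade (RFC 3207 forbids it)")
    return findings or ["ok: STARTTLS offered and AUTH not exposed before TLS"]

def probe(host: str, port: int = 25, timeout: float = 10.0) -> list:
    """Live check: EHLO in cleartext, upgrade with STARTTLS, then EHLO again."""
    with smtplib.SMTP(host, port, timeout=timeout) as smtp:
        smtp.ehlo()
        pre = {k.upper() for k in smtp.esmtp_features}
        post = None
        if "STARTTLS" in pre:
            # The default context verifies the certificate chain and host name.
            smtp.starttls(context=ssl.create_default_context())
            smtp.ehlo()  # the server's extension list can change after the upgrade
            post = {k.upper() for k in smtp.esmtp_features}
        return assess(pre, post)

if __name__ == "__main__":
    for name, reply in (("GOOD", GOOD), ("WEAK", WEAK)):
        print(name, assess(ehlo_keywords(reply)))
```

Call `probe()` with the host name of a mail server you administer to run the same check over a live connection.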