this post was submitted on 21 Feb 2024
11 points (100.0% liked)
/c/cybersecurity - Cybersecurity News & Discussion
2121 readers
1 users here now
A community for technical news and discussion of cybersecurity and closely related topics.
founded 4 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
I think they're saying that TLS isn't used for submitting an email for outbound delivery and that both the webmail and initial SMTP servers are on the same internal network.
Sounds reasonable to me. What would TLS gain there?
The gain would be that an attacker having a foothold on the internal network (by having a physical access or hacking a device on it) would be able to sniff and modify outgoing emails.
I'm a bit sceptical about the performance claim on modern hardware.
That said it's not a completely unreasonable tradeoff.
If an attacker is already inside and has access to a server, they have bigger problems to worry about.