I receive security update notifications via the "security-news-bounces@drupal.org" email list. I have been investigating requiring TLS to connect to my mail server, and find that mail from drupal.org does not attempt STARTTLS.
I wanted to find out if there were plans to move those lists to encrypted transport, or if they will remain plaintext? The mails themselves appear to be coming from OSU, so this may well be outside the scope of anything Drupal admins can directly control. I did want to check though since I receive very little legitimate mail which does not deliver via TLS anymore.
Thank you,
Chris
Comments
Comment #2
mlhess CreditAttribution: mlhess as a volunteer commentedThis mail comes from our third party provider. At the moment, they can not support this.