I receive security update notifications via the "security-news-bounces@drupal.org" email list. I have been investigating requiring TLS to connect to my mail server, and find that mail from drupal.org does not attempt STARTTLS.

I wanted to find out if there were plans to move those lists to encrypted transport, or if they will remain plaintext? The mails themselves appear to be coming from OSU, so this may well be outside the scope of anything Drupal admins can directly control. I did want to check though since I receive very little legitimate mail which does not deliver via TLS anymore.

Thank you,

Chris

Comments

xrayspx created an issue. See original summary.

mlhess’s picture

mlhess CreditAttribution: mlhess as a volunteer commented
Status: Active » Closed (won't fix)

This mail comes from our third party provider. At the moment, they can not support this.