ISPDB configs without STARTTLS and/or SSL (was: Autoconfig for and friends)

Ben Bucksch ben.bucksch at
Sat Jan 19 15:10:33 UTC 2013

On 16.01.2013 20:08, Andrew Sutherland wrote:
> If you know of specific examples of ISPs that do not support SSL but 
> do support STARTTLS, I'd definitely appreciate them. - SMTP is STARTTLS only, only POP3 - SMTP is STARTTLS only - SMTP is STARTTLS only - SMTP is STARTTLS only, only POP3
some unheard-of Japanese ISPs - STARTTLS only, - SMTP is STARTTLS only - POP3 only - STARTTLS only (with lots of domains) - STARTTLS only - SMTP is STARTTLS only - SMTP is STARTTLS only - SMTP is STARTTLS only (they are huge!) - SMTP is STARTTLS only (they are huge!) - SMTP is STARTTLS only (that's your target group, right?)

The following configs have either incoming or outgoing with neither SSL 
nor STARTTLS, but unsecured. Some of them are POP3 only:

almost all configs in *.jp,

In addition, the following ISPs have only POP3, no IMAP: (big Austrian cable ISP) (big German cable ISP)

Please note that I generally tried to find and list all working configs, 
not only those that are officially supported, so if there's no SSL 
server listed, then most likely there simply is no working one (at least 
at the time when we did the config).

I just double-checked some of the important configs that have STARTTLS, 
but no SSL:

  * T-Online works with SSL on port 465, so we
    could add that. I only checked whether the server responds, but not
    whether the certificate is OK and a login actually works.
  * ditto
  * SSL 465 does not work. is one of the biggest mail
    providers in Germany, and in the top 5 world-wide for Thunderbird.
  * SSL 465 blackholes, no response at all
  * ditto earthlink,

Also note that I cannot guarantee that the above lists are correct. I 
have missed, so I have made mistakes. I only quickly looked over 
the configs, it's just a survey.

Without supporting STARTTLS, you are going to take a hit, but it's not 
that big, if we update some configs. But updating the configs is going 
to cost time as well, if we do it diligently. It's not clear that this 
is faster than implementing STARTTLS support. Esp.,, and earthlink/mindspring/peoplepc are significant, 
whereby the latter 2 simply don't have an SSL server, only STARTTLS, and 
they are big.

However, without supporting plain (non-SSL) connections, you are going 
to miss a huge amount of configs. Ditto with POP3.

Dropping the user into manual config is highly unfair, because that 
sends the user searching for something that we *know* doesn't exist. The 
point of autoconfig was to save time for the user, not waste it.

Compiling this list took some time, so please draw some constructive 
conclusions from it.


More information about the tb-planning mailing list