On 11/04/2019 18:11, Anders Gustafsson wrote:
> Seriously.. What is the point? We have had TLS for SMTP > 10 years so
> email between responsible parties is encrypted in transit.
>
> All this adds is an extra level of hassle and no benefit?


It's an oracle-based encryption system meant to compete with Cisco's
CRES offering (and PGP Universal Gateway, ZixMail and similar) which
traditionally can be used with on-premise Exchange, but obviously not O365.

TLS for SMTP can be trivially broken in MITM attacks by hiding the
"STARTTLS" offer during EHLO. Cisco routers certainly used to do that
by default (INSPECT ESMTP) which is irritating. Almost no SMTP senders
insist on TLS.
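
Added example, not part of the original message: a sender-side check in Python showing why an opportunistic sender cannot tell a stripped STARTTLS offer from a server that never had one, and how a "require TLS" policy defers instead of falling back to plaintext. The EHLO replies, host name and function names are constructed for illustration.

```python
import re

# One SMTP reply line: 3-digit code, '-' (more lines follow) or ' ' (last), text.
_REPLY_LINE = re.compile(r"^(\d{3})([ -])(.*)$")

def parse_ehlo(reply):
    """Return (reply_code, set of extension keywords) for a multi-line EHLO reply."""
    code, keywords = None, set()
    lines = [l for l in reply.replace("\r\n", "\n").split("\n") if l]
    for i, line in enumerate(lines):
        m = _REPLY_LINE.match(line)
        if not m:
            raise ValueError("malformed SMTP reply line: %r" % line)
        code = int(m.group(1))
        if i == 0:
            continue  # first line carries the server's domain, not an extension
        text = m.group(3).strip()
        if text:
            keywords.add(text.split()[0].upper())
    return code, keywords

def delivery_decision(reply, require_tls):
    """Decide how a sender proceeds after EHLO.

    Opportunistic mode (require_tls=False) falls back to plaintext when
    STARTTLS is absent, which is exactly what hiding the offer relies on.
    With require_tls=True the message is deferred instead of sent in clear.
    """
    code, keywords = parse_ehlo(reply)
    if code != 250:
        return "defer"
    if "STARTTLS" in keywords:
        return "starttls"
    return "defer" if require_tls else "plaintext"

# Constructed sample replies: what the server sent, and the same reply as the
# sender sees it after a device on the path has removed the STARTTLS line.
EHLO_AS_SENT = ("250-mx.example.net\r\n250-SIZE 35882577\r\n"
                "250-STARTTLS\r\n250 8BITMIME\r\n")
EHLO_AS_SEEN = "250-mx.example.net\r\n250-SIZE 35882577\r\n250 8BITMIME\r\n"

if __name__ == "__main__":
    for name, reply in (("as sent", EHLO_AS_SENT), ("as seen", EHLO_AS_SEEN)):
        for require in (False, True):
            print(name, "require_tls=%s" % require, "->",
                  delivery_decision(reply, require))
```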