On Thu, Jun 2, 2022 at 08:15 PM, <info@...> wrote:
Now I just have to figure out how to explain to my Board member how to explain to usmd's tech people what the issue is and get them to care about it.
Speaking as a tech person who has to deal with customer tech people... sometimes the quickest way to fix this kind of issue is to raise it with the security officer (if they have one). The reason being, running only a deprecated protocol/cipher suite (and TLS 1.0 has been signposted for a looong time, so no excuses) can be construed as negligent. In the event of a malware/ransomware attack, this could be used as a get-out by the insurance company to reduce or avoid payouts. The security officer will (should) have a wider view of things beyond the technical and should have the power to get it sorted. The techs, to be fair, typically have a high workload and will regard what is a relatively low-risk 'hole' (generally it's the payload that's dangerous, not the delivery mechanism) as something get around to sometime. Or possibly, the only person who knows how to manage their mail gateway has moved on or been let go...
Perhaps as much to the point as the security aspect, is how much email is failing to be delivered - it will affect far more than Groups.io delivery... As Lena's hinted, it should be a fairly trivial exercise to update/configure the mail gateway in most cases.
Derek Milliner