Cox SMTP relays not initiating TLS connections to remote MX
It appears that SMTP connections from at least some Cox SMTP relay servers and business servers and at least one third party SaaS do not use TLS to secure email transfer over the public internet. This is visibly marked for users on common email service providers such as Gmail and can typically be identified in email server logs on receiving SMTP servers.
When an example non-Cox SMTP server does connect to a receiving server using TLS, the server notes it in the Received header; this is what we like to see in 2017:
Received: from sv3-smtp2.lithium.com (sv3-smtp2.lithium.com. [22.214.171.124])
by mx.google.com with ESMTPS id q18si1877182pgd.635.2017.12.20.09.27.39
(version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);
Wed, 20 Dec 2017 09:27:39 -0800 (PST)
When a Cox relay server connects and does not use TLS, this is indicated by absent crypto details:
Received: from fed1rmfepo102.cox.net (fed1rmfepo102.cox.net. [126.96.36.199])
by mx.google.com with ESMTP id m3si5685540oia.134.2017.12.21.00.59.46
for <email@example.com>; Thu, 21 Dec 2017 00:59:46 -0800 (PST)
When the Telligent service used for Cox forums connects and does not use TLS, same thing:
Received: from 767821-SSAJOB01.saas.telligent.com (767821-SSAJOB01.saas.telligent.com.
[188.8.131.52]) by mx.google.com with ESMTP id n66si5063795ith.136.2017.12.21.01.14.18
for <firstname.lastname@example.org>; Thu, 21 Dec 2017 01:14:19 -0800 (PST)
Not using TLS can disclose sensitive information or allow communications to be altered in transit. Can Cox please enable their SMTP services to connect using TLS (STARTTLS)?