Gmail Drops Support for Connecting To Pop3 Servers With Self -Signed Certs

DECula writes "In a move not communicated to its users beforehand, Google's Gmail servers were reconfigured to not connect to remote pop3 servers that have self-signed certificates, leaving folks with unencrypted connections, or no service when getting email from other services. Not good for the small folks. One suggestion was to allow placing the public keys on Google's side in the user configuration. That would be a heck of a lot better than just dropping users into never never land." Apparently, "valid" now means "paid someone Google approves to sign the certificate." It's not like commercial CAs have the best security track record either.

Since you need FCRDNS to send mail these days

[Vekseid]

That means you have to control at least one IP address.

It's also really hard to send e-mail without at least one domain of your own.

Reseller pricing of low-end certificates is about the same cost as a domain. From Namecheap and elsewhere.

That said, I didn't know about this, and forgot to set up SSL at one of my domains. I didn't much care, but my reaction to this is pretty much "Oh, so that's what Google is bitching about. Okay."

This is much ado about rather little.

Re:Google can do what they want.

[ThatFunkyMunki]

Yes, you can. The only issue is that when you are using the gmail interface to download mail from an external POP3 server, if you want the connection to be encrypted, your SSL certificate cannot be self-signed. This does not affect anything to do with using regular gmail with a regular POP3 client.