> On Feb 17, 2016, at 10:24 PM, Paul Wouters <paul@xxxxxxxxx> wrote: > > So if my ISP is blocking port 25, I am forced to ask my ISP if the > remote party could accept encrypted email and to which key? [ That's only if your ISP is your submission server, in which case they're also likely operating the zone that would public your public keys, and you're likely vulnerable to a variety of attacks via that ISP. Since faking the keys of remote parties is likely tamper-evident, and such faking can also happen by who-ever is publishing the zone data on the other end, I think this is a reasonable architecture, but we digress... ] The addrquery draft is not under discussion here, so perhaps I should not even have said that much. Exploring additional approaches seems reasonable. -- Viktor.