[xtajv]

> A scenario where the attacker controls the plaintext being sent but doesn't know what the plaintext is seems quite unlikely.

https://en.wikipedia.org/wiki/Chosen-plaintext_attack#In_pra... comes to mind.

(Not sure what attack scenarios OP had in mind -- iust sharing the usual CPA example)

[jsnell]

The suggested attack was the attacker writing an infinite stream of EHLOs on a connection. What's the scenario where an attacker has full control of the SMTP control framing, but doesn't have attack to the payloads?