I am a little confused but have note yet had time and interest at the same time to back through the thread....
I thought when it started that the complaint was somebody using a public wiffy had been victimized by something I read about recently (and thought it was here that I had red it) where somebody sets up a fraudulent server on the wiffy that advertises a false-flag email "server" that strips out the security stuff and then sends the traffic to an accomplice-site that eventually gets the stripped traffic to its original destination.