Check for DNS record MTA-STS and policy + TLS-RPT reporting #31
Labels
enhancement
New feature or request
Comments
JayBase
changed the title
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Considering that DMARC, DKIM and SPF are all setup via DNS and are email protections. Would it not be prudent to also include checking and validation for the DNS based MTA-STS potocal and policy, checking the domain or hostname for an MTA-Strict Transport Security (MTA-STS) DNS TXT record and also for a valid MTA-STS Policy. When published, MTA-STS policies provide enhanced inbound protection for email being sent to your domain. This enhancement requires inbound mail being sent to your domain to be both authenticated (via proper Certificates) and encrypted (via TLS 1.2 or higher)?
MTA-STS also prevents spoofing and MITM attacks.
TLS-RPT is a standard that allows servers to report any issues, especially delivery failures, during the TLS encryption process. It is generally used with other security protocols that enforce TLS encryption, including MTA-STS, DANE, and STARTTLS.
The text was updated successfully, but these errors were encountered: