Security new feature: RFC 8461 - SMTP MTA Strict Transport Security (MTA-STS)
RFC 8461 - SMTP MTA Strict Transport Security (MTA-STS) is a mechanism enabling mail service providers (SPs) to declare their ability to receive Transport Layer Security (TLS) secure SMTP connections and to specify whether sending SMTP servers should refuse to deliver to MX hosts that do not offer TLS with a trusted server certificate.
This is obviously to secure messages between mail providers, so users benefit from the additional security in transit. This is backed by Google, Oath ("Yahoo"), Comcast, Microsoft... the big companies in the area... so it should be adopted by them.
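As an added example (not code from the post, from RFC 8461 itself or from any mail provider), here is a small Python parser for the two artifacts the RFC defines, the `_mta-sts` DNS TXT record and the HTTPS-served policy file, together with the delivery decision a sending MTA makes in enforce mode. The domain, policy id and hostnames are constructed samples.

```python
# Added example, not code from the post or from any mail provider: parse the
# two MTA-STS artifacts defined in RFC 8461 and apply the delivery rule.
# Domain, policy id and hostnames below are constructed samples.

# TXT record published at _mta-sts.<domain> (RFC 8461 section 3.1)
DNS_TXT_RECORD = "v=STSv1; id=20190415T120000;"

# Policy file served at https://mta-sts.<domain>/.well-known/mta-sts.txt
POLICY_TEXT = """version: STSv1
mode: enforce
mx: mail.example.com
mx: *.backup.example.com
max_age: 604800
"""

def parse_txt_record(txt):
    """Return the policy id, or raise if the record is not an STSv1 record."""
    fields = dict(p.split("=", 1) for p in txt.replace(" ", "").split(";") if "=" in p)
    if fields.get("v") != "STSv1" or not fields.get("id"):
        raise ValueError("not a valid MTA-STS TXT record")
    return fields["id"]

def parse_policy(text):
    """Parse 'key: value' lines into a dict; 'mx' collects every MX pattern."""
    policy = {"mx": []}
    for line in text.splitlines():
        key, _, value = line.partition(":")
        if key.strip() == "mx":
            policy["mx"].append(value.strip().lower())
        elif key.strip():
            policy[key.strip()] = value.strip()
    if policy.get("version") != "STSv1" or policy.get("mode") not in ("enforce", "testing", "none"):
        raise ValueError("malformed MTA-STS policy")
    policy["max_age"] = int(policy["max_age"])  # seconds the sender may cache it
    return policy

def mx_matches(pattern, host):
    """RFC 8461 section 4.1: a leading '*.' covers exactly one leftmost label."""
    host = host.lower().rstrip(".")
    if pattern.startswith("*."):
        parent = pattern[2:]
        return host.endswith("." + parent) and "." not in host[: -len(parent) - 1]
    return host == pattern

def may_deliver(policy, mx_host, tls_trusted):
    """tls_trusted: STARTTLS succeeded and the certificate validated for mx_host.
    Enforce mode: deliver only to a listed MX over trusted TLS; testing/none: deliver anyway."""
    if policy["mode"] != "enforce":
        return True
    return tls_trusted and any(mx_matches(p, mx_host) for p in policy["mx"])
```

In testing mode a real MTA would still deliver but report the failure (RFC 8460 TLSRPT); this example only models the accept/refuse decision.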
-
David Smith commented
I imagine that this will be a bit tricky for those of us with hosted domains, as we'll have to go back and create more DNS entries (to go with our existing SPF, DKIM, DMARC, and domain verification entries). But it's not a large ask of such users, and I think it's well worth it.
-
Anonymous commented
Google just made this the default for Gmail: https://security.googleblog.com/2019/04/gmail-making-email-more-secure-with-mta.html
-
Twilight commented
I am currently running my own email server since I started my boycott of Gmail and Google services.
The fact that emails sent using SMTP on port 25 are transmitted in cleartext is the biggest privacy concern for email transmission, no matter how secure the server that stores the emails before and after they are sent is.
I have no doubt that ProtonMail developers are aware of this. I just don't know what they have accomplished so far regarding the relay of email to third-party servers, like Hotmail or Gmail.
I will need to read about this for both my server and ProtonMail. Thank you for mentioning this and the related RFC. Bookmarked.