On 10/6/19 8:10 PM, John R Levine wrote:
... If an MX record with target smtps- or starttls- isn't signed
using DNSSEC, it's not clear that the client should trust the smtps- or
starttls- prefix, and that the client should drop mail that can't be
relayed that way. ...
What's wrong with MTA-STS defined in RFC 8461?
It's defined, it works, it's deployed at a lot of large mail systems.
I hope MTA-STS turns out to be sufficient. But I've seen so many
attempted solutions fail for one reason or another that I don't think it
hurts to discuss potential alternatives.
ietf-smtp mailing list