Maybe it's not necessary, but I don't know how widely mta-sts is being
required. What are the barriers to server operators turning on MTA-STS
everywhere?
It's pretty easy to deploy for your inbound servers: publish some DNS
records and set up some trivial web pages. (See
https://mta-sts.taugh.com/.well-known/mta-sts.txt)
For outbound mail it's somewhat harder, you have to look at what's on the
web page and decide whether it matches what the MTA is seeing.
I expect the main barrier is that large scale operators see failures on
legit traffic that would be invisible to us little guys, but enough of
them that they're not ready to accept that level of breakage. A useful
thing that mta-sts borrows from DMARC is reports about what would have
broken if it were enforced, so they can try and figure it out and fix it.
I believe it's the same reason that Google doesn't sign their domains with
DNSSEC. They certainly could if they wanted to.
Regards,
John Levine, johnl(_at_)taugh(_dot_)com, Taughannock Networks, Trumansburg NY
Please consider the environment before reading this e-mail. https://jl.ly
_______________________________________________
ietf-smtp mailing list
ietf-smtp(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/ietf-smtp
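The outbound side John describes, fetching the policy file and deciding whether the MX the MTA is about to talk to matches it, as an added example that is not part of the thread or of the taugh.com deployment linked above. The policy text and MX host names are constructed for illustration; the matching rules follow RFC 8461 (exact host, or a "*." wildcard covering exactly one label) and the enforce/testing split is what makes "testing" mode produce reports instead of bounces.

```python
"""MTA-STS (RFC 8461) policy parser and outbound MX check.

Added example for this thread; it is not code from the post or from the
taugh.com deployment it links. The policy text and MX host names below are
constructed for illustration.
"""
from dataclasses import dataclass, field
from typing import List, Tuple


@dataclass
class StsPolicy:
    mode: str                                    # "enforce", "testing" or "none"
    max_age: int                                 # cache lifetime in seconds
    mx: List[str] = field(default_factory=list)  # host or "*.domain" patterns


def parse_policy(text: str) -> StsPolicy:
    """Parse the body of https://mta-sts.<domain>/.well-known/mta-sts.txt.

    Lines are "key: value"; version, mode and max_age appear once, mx may
    repeat. Anything unexpected raises, because an unparseable policy must
    be treated as no policy rather than half-enforced.
    """
    fields = {}
    mx: List[str] = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        key, sep, value = line.partition(":")
        key, value = key.strip().lower(), value.strip()
        if not sep or not value:
            raise ValueError(f"malformed policy line: {line!r}")
        if key == "mx":
            mx.append(value.lower())
        elif key in fields:
            raise ValueError(f"duplicate key: {key}")
        else:
            fields[key] = value
    if fields.get("version") != "STSv1":
        raise ValueError("missing or unsupported version")
    mode = fields.get("mode")
    if mode not in ("enforce", "testing", "none"):
        raise ValueError(f"invalid mode: {mode!r}")
    try:
        max_age = int(fields["max_age"])
    except (KeyError, ValueError):
        raise ValueError("missing or non-numeric max_age") from None
    if mode != "none" and not mx:
        raise ValueError("policy has no mx entries")
    return StsPolicy(mode, max_age, mx)


def mx_matches(hostname: str, pattern: str) -> bool:
    """RFC 8461 sec 4.1 matching: exact host, or "*.example.com" matching
    exactly one leftmost label (mail.example.com, not a.b.example.com)."""
    host = hostname.lower().rstrip(".")
    pattern = pattern.lower().rstrip(".")
    if pattern.startswith("*."):
        suffix = pattern[1:]              # ".example.com"
        if not host.endswith(suffix):
            return False
        left = host[: -len(suffix)]
        return bool(left) and "." not in left
    return host == pattern


def outbound_decision(policy: StsPolicy, mx_host: str,
                      tls_ok: bool) -> Tuple[bool, str]:
    """Decide what a sending MTA does with one MX candidate.

    Returns (deliver, reason). In "enforce" mode an MX the policy does not
    list, or whose certificate did not validate (tls_ok is the result of
    that check, done elsewhere), is skipped. In "testing" mode the message
    goes out anyway and the failure is only material for a TLSRPT report,
    which is the "what would have broken" signal the post refers to.
    """
    if policy.mode == "none":
        return True, "no policy, opportunistic TLS as usual"
    listed = any(mx_matches(mx_host, p) for p in policy.mx)
    if listed and tls_ok:
        return True, "mx listed and certificate validated"
    problem = "mx not in policy" if not listed else "certificate validation failed"
    if policy.mode == "enforce":
        return False, f"enforce: {problem}, skip this mx"
    return True, f"testing: {problem}, deliver and report"


# Constructed sample policy, not the taugh.com one linked in the post.
SAMPLE_POLICY = """\
version: STSv1
mode: enforce
mx: mail.example.com
mx: *.backup.example.com
max_age: 604800
"""

if __name__ == "__main__":
    pol = parse_policy(SAMPLE_POLICY)
    for host, tls in [("mail.example.com", True),
                      ("mx2.backup.example.com", True),
                      ("old.mx.example.net", True),
                      ("mail.example.com", False)]:
        print(host, outbound_decision(pol, host, tls))
```

Flipping the sample's mode to "testing" is the whole difference between the large operators' "not ready to accept that breakage" state and enforcement: the same mismatch that makes `outbound_decision` skip an MX under enforce becomes a deliver-and-report under testing.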