2019-10-26 19:47:57
Maybe it's not necessary, but I don't know how widely MTA-STS is being required. What are the barriers to server operators turning on MTA-STS everywhere?

It's pretty easy to deploy for your inbound servers: publish some DNS records and set up some trivial web pages. (See

For outbound mail it's somewhat harder: you have to look at what's on the web page and decide whether it matches what the MTA is seeing.

I expect the main barrier is that large scale operators see failures on legit traffic that would be invisible to us little guys, but enough of them that they're not ready to accept that level of breakage. A useful thing that MTA-STS borrows from DMARC is reports about what would have broken if it were enforced, so they can try and figure it out and fix it.

I believe it's the same reason that Google doesn't sign their domains with DNSSEC. They certainly could if they wanted to.

John Levine, johnl(_at_)taugh(_dot_)com, Taughannock Networks, Trumansburg NY
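
The outbound-side check the message describes (fetch the `_mta-sts` TXT record and the policy file, then decide whether the MX the MTA is actually talking to is one the policy allows), as an added, self-contained Python example. It is not code from the original message or from any particular MTA. The domain `example.com`, the TXT record, the policy text and the MX hostnames are constructed for the example; the parsing and wildcard rules follow RFC 8461 (policy file keys `version`, `mode`, `mx`, `max_age`; a leading `*.` in an `mx` pattern matches exactly one label). The failure-reason strings are simplified labels of my own, not the result-type names defined for TLSRPT reports.

```python
"""Offline MTA-STS policy check (added example, not from the original post).

All inputs below are constructed for the example: a pretend sending MTA has
already fetched the _mta-sts.example.com TXT record and the policy served at
https://mta-sts.example.com/.well-known/mta-sts.txt for the domain example.com.
"""
from dataclasses import dataclass, field

# Constructed sample records (not real DNS data or a real policy).
STS_TXT_RECORD = "v=STSv1; id=20191026T194757;"   # _mta-sts.example.com TXT
POLICY_TEXT = (                                    # .well-known/mta-sts.txt
    "version: STSv1\n"
    "mode: enforce\n"
    "mx: mail.example.com\n"
    "mx: *.mx.example.net\n"
    "max_age: 604800\n"
)


@dataclass
class Policy:
    version: str
    mode: str                       # "enforce", "testing" or "none"
    mx: list = field(default_factory=list)
    max_age: int = 0


def parse_sts_txt(txt: str) -> dict:
    """Parse the _mta-sts TXT record ("v=STSv1; id=...") into its fields.
    The id is what a sender caches; a changed id means re-fetch the policy."""
    fields = {}
    for part in txt.split(";"):
        part = part.strip()
        if part:
            key, _, value = part.partition("=")
            fields[key.strip()] = value.strip()
    if fields.get("v") != "STSv1" or not fields.get("id"):
        raise ValueError("not a valid STSv1 record: %r" % txt)
    return fields


def parse_policy(text: str) -> Policy:
    """Parse the text/plain policy file. Unknown keys are ignored, as RFC 8461
    requires; a missing version/mode or a non-'none' mode without mx is invalid."""
    version = mode = None
    mx, max_age = [], 0
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        key, sep, value = line.partition(":")
        if not sep:
            raise ValueError("malformed policy line: %r" % line)
        key, value = key.strip().lower(), value.strip()
        if key == "version":
            version = value
        elif key == "mode":
            mode = value.lower()
        elif key == "mx":
            mx.append(value.lower())
        elif key == "max_age":
            max_age = int(value)
    if version != "STSv1" or mode not in ("enforce", "testing", "none"):
        raise ValueError("policy missing or invalid version/mode")
    if mode != "none" and not mx:
        raise ValueError("mode %s requires at least one mx entry" % mode)
    return Policy(version, mode, mx, max_age)


def mx_matches(pattern: str, hostname: str) -> bool:
    """True if an MX hostname matches one policy mx pattern (case-insensitive,
    trailing dot ignored). A leading '*.' matches exactly one label, so
    '*.mx.example.net' matches 'a.mx.example.net' but neither 'mx.example.net'
    nor 'b.a.mx.example.net'."""
    hostname = hostname.lower().rstrip(".")
    pattern = pattern.lower().rstrip(".")
    if pattern.startswith("*."):
        suffix = pattern[1:]                 # ".mx.example.net"
        if not hostname.endswith(suffix):
            return False
        left = hostname[:-len(suffix)]
        return bool(left) and "." not in left
    return hostname == pattern


def check_delivery(policy: Policy, mx_host: str, tls_ok: bool) -> tuple:
    """Decide what the sender does for one candidate MX.
    Returns (deliver, failure_reason). In 'enforce' a failure blocks delivery;
    in 'testing' the mail still goes but the reason is what would be reported."""
    if policy.mode == "none":
        return True, None
    reason = None
    if not any(mx_matches(p, mx_host) for p in policy.mx):
        reason = "mx-mismatch"          # host not in policy (simplified label)
    elif not tls_ok:
        reason = "tls-failure"          # STARTTLS or certificate validation failed
    if policy.mode == "enforce":
        return reason is None, reason
    return True, reason                 # testing: deliver anyway, report the reason
```

The `testing` branch is the reporting hook the post mentions: the mail is delivered, but the reason is what a TLSRPT-style report would carry so the operator can see what `enforce` would have refused. Note that a host outside the policy still fails even when its TLS is fine; that is the case the sending MTA must judge from "what's on the web page".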
