OPENPGPKEY and SMIME/A also use DNSSEC, if you're interested in those protections for your users.
-- Alex Brotman Sr. Engineer, Anti-Abuse Comcast > -----Original Message----- > From: mailop [mailto:mailop-boun...@mailop.org] On Behalf Of Jesse > Thompson via mailop > Sent: Monday, October 15, 2018 6:18 PM > To: mailop@mailop.org > Subject: [EXTERNAL] [mailop] Business justification for DNSSEC? > > Is there a good summary of current and emerging email technologies that > depend on DNSSEC that can be referenced for building a business > justification for prioritizing DNSSEC within an organization? > > From my knowledge/understanding (Disclaimer: I might be wrong) the list is: > 1) SMTP Security via Opportunistic DANE TLS > 2) Require TLS Option > 3) Inter-domain SMTP with TLSA - MX lookup checks, SMTP server checks > > Technologies that are explicitly working around the lack of DNSSEC: > 4) MTA-STS > 5) STARTTLS Everywhere > > Thanks, > Jesse Thompson > University of Wisconsin-Madison > _______________________________________________ > mailop mailing list > mailop@mailop.org > https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop _______________________________________________ mailop mailing list mailop@mailop.org https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
