On 4/28/22 05:40, Matt Corallo via mailop wrote:
> AFAIK, the *only* shop that enforces the rube-goldberg machine that is
> MTA-STS that doesn't also enforce TLSA/DANE is Google.

I'm really wondering why people have such strong objections against
MTA-STS. Actually it's pretty easy to set up and it's the only standard
allowing you to specify a mandatory-TLS receiving policy (as opposed to
opportunistic).
And security standards do not have to be XOR-used. Why not do the
one thing *and* the other?

> And skipping it avoids the pain of setting up a number of steps and,
> for some reason, introducing an HTTP server into your mail-receiving
> stack?!

Is that simple HTTP server serving a tiny static file really such a
big deal? Personally I don't see why.
Just my 2 cents.
Ciao, Michael.