But is there any reason that prevents google to use DNSSEC other than the arrogance of power? Imho it is obvious that mta-sts is only useful for big players that prefer to ignore destinations not in their cache. For the rest of us, mta-sts is inferior to smtp-dane. Joachim
-----Ursprüngliche Nachricht----- Von: Viktor Dukhovni via Postfix-users <postfix-users@postfix.org> Gesendet: Freitag, 8. März 2024 22:44 An: postfix-users@postfix.org Betreff: [pfx] Re: mta-sts and smtp_tls_security_level On Fri, Mar 08, 2024 at 10:01:29PM +0100, Joachim Lindenberg via Postfix-users wrote: > Imho you get pretty close to mta-sts if you use verify together with a > DNSSEC-validating resolver. You just validate the "authorized" MTAs by > different means. Yes, but google.com and yahoo.com (the domains mentioned by the OP), are not presently DNSSEC-signed. :-( -- Viktor. _______________________________________________ Postfix-users mailing list -- postfix-users@postfix.org To unsubscribe send an email to postfix-users-le...@postfix.org _______________________________________________ Postfix-users mailing list -- postfix-users@postfix.org To unsubscribe send an email to postfix-users-le...@postfix.org