On 7/12/19 8:37 PM, Heiko Schlittermann via mailop wrote:
> Providing TLSA records is only one half of the story. The sender has to use them. Currently there is no way to force the sender to use my TLSA records, is there? (Though, I can force all senders to use TLS when talking to me, but I can't force them to use my provided TLSA records and to do any verification. And I do not have a chance to check if they did, do I?)

That's the only thing you can do, force your senders to use TLS, but this will probably lead to mail loss at the moment. mailop doesn't even use TLS, and many newsletter providers don't either. Also, if you have ECDSA certificates, outlook.com hosted sites won't even be able to send you mail, just like most people using Exchange Server.
