I would push DANE a bit up in the list. DNSSEC can be a drag to some, but it is really the way to go in terms of decentralization of encryption. It is also a good practice.

On 24 Jul 2020, at 12:40, Phil Pennock via mailop wrote:

 * MTA-STS webserver with HTTPS from the same CA, and the relevant
MTA-STS txt file in place; add the DNS record when it's up and happy.

You may find this helpful

https://esmtp.email/tools/mta-sts/

Best regards

-lem

_______________________________________________
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
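
An added illustration, not part of the original message and not the tool linked above: a small offline check of an mta-sts.txt body and the matching _mta-sts TXT value against the RFC 8461 syntax rules, for use before the DNS record is published. The domain, sample values and function names are constructed for this example.

```python
import re

MAX_AGE_LIMIT = 31557600  # RFC 8461 upper bound for max_age, in seconds

# Constructed sample values for a hypothetical domain, not taken from the thread.
SAMPLE_POLICY = "version: STSv1\nmode: testing\nmx: mx1.example.net\nmx: *.mail.example.net\nmax_age: 86400\n"
SAMPLE_TXT = "v=STSv1; id=20200724T1240"

def parse_policy(text):
    """Parse an mta-sts.txt body into a dict; 'mx' collects every mx line."""
    policy = {"mx": []}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if not line.strip():
            continue
        if not sep:
            raise ValueError(f"not a 'key: value' line: {line!r}")
        if key.strip() == "mx":
            policy["mx"].append(value.strip().lower())
        else:
            policy.setdefault(key.strip(), value.strip())
    return policy

def mx_matches(pattern, host):
    """A '*.' pattern covers exactly one extra left-most label."""
    host = host.lower().rstrip(".")
    if pattern.startswith("*."):
        return "." in host and host.split(".", 1)[1] == pattern[2:]
    return host == pattern

def check_policy(policy, mx_hosts):
    """Return a list of problems; an empty list means the file is consistent."""
    problems = []
    if policy.get("version") != "STSv1":
        problems.append("version must be STSv1")
    if policy.get("mode") not in ("enforce", "testing", "none"):
        problems.append("mode must be enforce, testing or none")
    age = policy.get("max_age", "")
    if not re.fullmatch(r"[0-9]{1,10}", age) or int(age) > MAX_AGE_LIMIT:
        problems.append("max_age must be an integer no larger than 31557600")
    hosts = [] if policy.get("mode") == "none" else mx_hosts  # mode none needs no mx
    for host in hosts:
        if not any(mx_matches(p, host) for p in policy["mx"]):
            problems.append(f"MX host {host} is not covered by the policy")
    return problems

def check_txt(record):
    """Validate an _mta-sts TXT value: v=STSv1 first, then one id of 1-32 alphanumerics."""
    fields = [f.strip() for f in record.split(";") if f.strip()]
    ids = [f[3:] for f in fields[1:] if f.startswith("id=")]
    return (bool(fields) and fields[0] == "v=STSv1" and len(ids) == 1
            and re.fullmatch(r"[A-Za-z0-9]{1,32}", ids[0]) is not None)
```

Pass check_policy the host names from the domain's real MX records; an MX host missing from the policy will fail delivery from validating senders once the mode is enforce.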
