SMTP Health Campaign

Enforce STARTTLS and verify the certificate, that’s it!

gaster doctor

Dear postmasters

As of January 2020, the large majority of SMTP servers are still not enforcing STARTTLS against either DANE or valid SSL certificate chains, which is a problem, since email messages are supposedly private.

This is not like serving read-only public websites over clear-text HTTP. It is worse: private communication is crossing the public network either in clear text or with unauthenticated encryption (meaning someone in the middle can impersonate the receiver).



MX/server setup

Note: you do not necessarily have to go down the painful route of DNSSEC and DANE.

Relay/client setup
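
An added example, not part of the original page: a Python relay-side client that refuses to send unless the peer offers STARTTLS and its certificate verifies against a CA bundle (the non-DANE route). The function names, the `helo` parameter and the local plaintext-only peer are constructed for illustration.

```python
import smtplib
import socket
import ssl
import threading


class StartTLSRequired(Exception):
    """The peer did not offer STARTTLS, so nothing was sent."""


def strict_context(cafile=None):
    # Verifying context (CERT_REQUIRED + hostname check), passed explicitly
    # to starttls() rather than relying on the library default.
    ctx = ssl.create_default_context(cafile=cafile)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx


def send_enforced(host, port, sender, rcpt, message, helo=None, timeout=10):
    with smtplib.SMTP(host, port, local_hostname=helo, timeout=timeout) as smtp:
        smtp.ehlo()
        if not smtp.has_extn("starttls"):
            # A missing capability may be a stripped EHLO reply: refuse, no fallback.
            raise StartTLSRequired(f"{host}:{port} did not advertise STARTTLS")
        smtp.starttls(context=strict_context())  # bad chain or name raises ssl.SSLError
        smtp.ehlo()  # re-read capabilities inside the TLS session
        return smtp.sendmail(sender, rcpt, message)


def plaintext_only_peer():
    """Constructed local peer that never offers STARTTLS; returns (port, lines seen)."""
    srv = socket.create_server(("127.0.0.1", 0))
    seen = []

    def serve():
        conn, _ = srv.accept()
        with conn, conn.makefile("rwb", buffering=0) as f:
            f.write(b"220 mx.example.test ESMTP\r\n")
            for line in f:
                seen.append(line.strip().decode())
                verb = seen[-1].split()[0].upper()
                f.write({"EHLO": b"250-mx.example.test\r\n250 SIZE 1000000\r\n",
                         "QUIT": b"221 bye\r\n"}.get(verb, b"250 ok\r\n"))
                if verb == "QUIT":
                    break
        srv.close()

    threading.Thread(target=serve, daemon=True).start()
    return srv.getsockname()[1], seen
```

The certificate is checked against the host name passed to `send_enforced`; how that name was obtained from the MX lookup is outside the example.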

Are you from the future?


TLSA Record Generator https://ssl-tools.net/tlsa-generator

CryptCheck https://tls.imirhil.fr/

A system for ensuring & authenticating STARTTLS encryption between mail servers https://github.com/EFForg/starttls-everywhere

