But is there any reason that prevents google to use DNSSEC other than the arrogance of power? Imho it is obvious that mta-sts is only useful for big players that prefer to ignore destinations not in their cache. For the rest of us, mta-sts is inferior to smtp-dane. Joachim
-----Ursprüngliche Nachricht----- Von: Viktor Dukhovni via Postfix-users <[email protected]> Gesendet: Freitag, 8. März 2024 22:44 An: [email protected] Betreff: [pfx] Re: mta-sts and smtp_tls_security_level On Fri, Mar 08, 2024 at 10:01:29PM +0100, Joachim Lindenberg via Postfix-users wrote: > Imho you get pretty close to mta-sts if you use verify together with a > DNSSEC-validating resolver. You just validate the "authorized" MTAs by > different means. Yes, but google.com and yahoo.com (the domains mentioned by the OP), are not presently DNSSEC-signed. :-( -- Viktor. _______________________________________________ Postfix-users mailing list -- [email protected] To unsubscribe send an email to [email protected] _______________________________________________ Postfix-users mailing list -- [email protected] To unsubscribe send an email to [email protected]
