I have done some testing via my own tool and published results on
https://blog.lindenberg.one/EmailSecurityTest.
Gmx and web.de do support SMTP-DANE (with bugs), outlook and gmail don´t.
outlook and gmail also support MTA-STS at least partially. Proton support
SMTP-DANE inbound only. Yahoo don´t know (yet). Not sure the table (html) will
pass through the mailing list.
Web.de
Gmx
Gmail
Outlook
T-Online
SMTP-DANE
✓(1) / ✓
✓(1) / ✓
✗ / ✗
✓ / ✗
✗ / ✗
MTA-STS
✗ / ✗
✗ / ✗
✓(2) / ✓
✓ / ✓
✗ / ✗
SPF
✓ / ✓
✓ / ✓
✓ / ✓
✓ / ✓
✗ / ✗
DKIM
✓ / ✓
✓/ ✓
✓ / ✓
(3) / ✓
✗ / ✓
DMARC
(4) / ✗
(4) / ✗
(4) / ✓
(4) / ✓
✗ / ✗
outbound / inbound , ✓ supported, ✗ not supported.
1. SMTP-DANE buggy but ok with trusted certificates
2. MTA-STS policy caching not conforming to RFC 8461
3. *.com and customer domains yes, others using ARC
4. Policy contains (s)p=none
For customer domains, provider and owner need to cooperate
In essence 50%+ of German users can be reached with SMTP-DANE.
If you are missing your provider, trigger a test. SPF,DKIM,DMARC inbound
require a separate test (with hum interpration) that can be requested at
[email protected] <mailto:[email protected]> .
Regards,
Joachim
_______________________________________________
Postfix-users mailing list -- [email protected]
To unsubscribe send an email to [email protected]
