#tlsrpt — Public Fediverse posts
Live and recent posts from across the Fediverse tagged #tlsrpt, aggregated by home.social.
-
TLS-RPT: the protocol your DMARC vendor probably doesn't support
When a sending server can't establish a TLS connection to your mail server
e.g. a certificate mismatch, expired cert, DANE validation failure, MTA-STS policy violation
TLS-RPT sends you a report
without it, encrypted delivery fails silently
you'd never know that a major sender has been falling back to plaintext (or not delivering at all) for weeks
-
TLS-RPT: the protocol your DMARC vendor probably doesn't support
When a sending server can't establish a TLS connection to your mail server
e.g. a certificate mismatch, expired cert, DANE validation failure, MTA-STS policy violation
TLS-RPT sends you a report
without it, encrypted delivery fails silently
you'd never know that a major sender has been falling back to plaintext (or not delivering at all) for weeks
-
TLS-RPT: the protocol your DMARC vendor probably doesn't support
When a sending server can't establish a TLS connection to your mail server
e.g. a certificate mismatch, expired cert, DANE validation failure, MTA-STS policy violation
TLS-RPT sends you a report
without it, encrypted delivery fails silently
you'd never know that a major sender has been falling back to plaintext (or not delivering at all) for weeks
-
Eine weitere sehr gute Nachricht in dieser Woche ist, dass der deutsche E-Mail-Dienst Posteo, nachdem er 2016 schon erfolgreich nach Version 1 der BSI TR-03108 zertifiziert wurde, gestern vom @bsi die Zertifizierung für die Version 2 erhalten hat 💪😊 Das Zertifizierungsverfahren wird mit einer unabhängigen Prüfstelle anhand der zur TR gehörigen Prüfspezifikation durchgeführt und ist echt nicht ohne. Auch die Anforderungen sind mit der Version 2 nochmal deutlich gestiegen, z.B. muss TLS-Reporting ein- und ausgehend implementiert werden. Hut ab 🎩👌 :drake_like:
https://posteo.de/blog/posteo-erh%C3%A4lt-bsi-zertifizierung-f%C3%BCr-sicheren-e-mail-transport
-
Die kürzlich veröffentlichte Cyber-Sicherheitsempfehlung "Upgrade für die E-Mail-Sicherheit" ist ein Paradebeispiel für die lösungsorientierte Zusammenarbeit zwischen verschiedenen Abteilungen im BSI. Nur so konnten wir praxisnahe Empfehlungen aussprechen, die auf Beobachtungen der echten Welt da draußen beruhen. Oft können Unternehmen, die E-Mails über eine eigene Domain senden und empfangen, nämlich schon mit überschaubaren Aufwand ihre Sicherheit deutlich verbessern.
#MailSecurity #TeamBSI #SPF #DKIM #DMARC #STARTTLS #DNSSEC #DANE #MTASTS #TLSRPT
-
Claudia Plattner, President of German BSI, has just been featured in an article on email security in eco's dotmagazine. It's a wake up call and invitation to enhance email security in a joined effort :blobs:
I like it :ablobsmile:
#SPF #DKIM #DMARC #DANE #TLSA #MTASTS #TLSRPT #Mailsecurity #TeamBSI @bsi
-
The Internet Security Days 2024 marked the starting point for a new effort by eco and @bsi to raise adoption of modern email security standards across Germany and worldwide. I'm honored that I was allowed to shape some of the contents of this great event and mailsecurity is finally getting the attention it deserves 💌 :blobcatthx:
https://international.eco.de/news/internet-security-days-2024-it-security-for-email-ai-and-nis2/
#DMARC #SPF #DKIM #DANE #TLSA #MTASTS #TLSRPT #Mailsecurity #TeamBSI
-
did _not_ install MTA-STS today, as it's a mere quick-fix for mail domains that don't have DNSSEC yet. But I did install TLSRPT on my DNSSEC & DANE enabled domains. First (empty, cause everything is fine) reports from Google are coming in 👍
-
I very much recommend this article on #EmailSecurity written by my colleague Kristina for eco's dotmagazine :blobcatreading: It'll give you a brief overview on both of our Technical Guidelines (BSI TR-03108 and BSI TR-03182) and what we released them for 😀👍
#SPF #DKIM #DMARC #DANE #TLSA #MTASTS #TLSRPT #Mailsecurity #TeamBSI
-
#Email can be confusing. There's the big three -- #SPF, #DKIM, and #DMARC -- but do you know how to test #MTASTS, #DANE, #TLSRPT, or #BIMI? And what about #DNSSEC?
My colleagues have asked me the same questions, so my new#opensource #PowerShell module goes out to every sysadmin, #Office365 administrator, account manager, #mailsec worker, and help desk technician out there. MailPolicyExplainer will explain it all to you. https://github.com/rhymeswithmogul/MailPolicyExplainer
-
Hey @Vivaldi noticed that vivaldi.net is one of the all-greens on Hardenize.
I'd move my mails to vivaldi.net, but I have size worries, still use other providers, & own domain.
Do you have any plans to implement paid size plan, & features like automatic IMAP fetch, external sending SMTP, own domain management?#vivaldi #netsecurity #netsec #websecurity #websec #mailsecurity #mailsec #dnssec #dane #tls #tlsrpt #mtasts #spf #dmarc #dkim #security #privacy