The Email Security Geek

Ramblings, guides and more about email security

ProtonMail is an end-to-end encrypted email provider based in Switzerland that aims to bring secure, encrypted services to the masses. Founded in 2013 by CERN researchers, it currently has around 20 million users.

Web Key Directory (WKD) allows hosting of public PGP keys without maintaining a Web Key Server (WKS). This way, compatible services can automatically fetch a recipient's public PGP key and seamlessly encrypt messages without needing to ask the recipient for their key beforehand.

Part of deploying MTA-STS is having access to a web server that is secured by SSL. If you don't currently have access to one, it becomes a roadblock in the deployment process. This article will show you how to use GitHub Pages to host the MTA-STS policy if you don't have a web server available.

MTA-STS (Mail Transfer Agent Strict Transport Security) is a new standard (defined in RFC 8461) that aims to improve the security of SMTP by enabling domains to opt into a mode that requires authentication with valid public certificates and encryption (TLS). MTA-STS forces a TLS connection, preventing suppression of the STARTTLS upgrade, and defines what the MX records should be for a domain, which prevents a malicious party from intercepting DNS queries to redirect mail to another MX record.