The Email Security Geek

Ramblings, guides and more about email security

At long last, and without much fanfare but a mere byline in the new macOS Monterey website, Apple has launched support for custom domains in iCloud+. For those who did not watch the keynote, iCloud+ is just a new name for the paid tiers of iCloud. If you've bought extra storage, then you've got iClo...

ProtonMail is an end-to-end encrypted email provider based in Switzerland that aims to bring secure, encrypted services to the masses. Founded in 2013 by CERN researchers, it currently has around 20 million users.

Web Key Directory (WKD) allows hosting of public PGP keys without maintaining a Web Key Server (WKS). This way, compatible services can automatically fetch a recipient's public PGP key and seamlessly encrypt messages without needing to ask the recipient for their key beforehand.

Part of deploying MTA-STS is having access to a web server that is secured by SSL. If you don't currently have access to one, it becomes a roadblock in the deployment process. This article will show you how to use GitHub Pages to host the MTA-STS policy if you don't have a web server available.

MTA-STS (Mail Transfer Agent Strict Transport Security) is a new standard (defined in RFC 8461) that aims to improve the security of SMTP by enabling domains to opt into a mode that requires encryption (TLS) and authentication of the receiving server with valid public certificates. MTA-STS forces a TLS connection, preventing an attacker from stripping the STARTTLS upgrade, and declares which MX hosts are valid for the domain, so that a malicious party who intercepts DNS queries cannot redirect mail to another MX host.