Home

The Email Security Geek

Ramblings, guides and more about email security

Web Key Directory (WKD) allows hosting of public PGP keys without maintinaing a Web Key Server (WKS). This way, compatible services can automatically fetch a recipient's public PGP key and seamlessly encrypt messages without needing to ask the recipient for their key beforehand.

Part of deploying MTA-STS is having access to a web server that is secured by SSL. If you don't currently have access to one, it becomes a roadblock in the deployment process. This article will show you how to use GitHub Pages to host the MTA-STS policy if you don't have a web server available.

MTA-STS (Mail Transfer Agent Strict Transport Security) is a new standard (defined in RFC8461) that aims to improve the security of SMTP by enabling domains to opt into a mode that requires authentication with valid public certificates and encryption (TLS). MTA-STS forces a TLS connection, preventing suppression of the STARTTLS upgrade, and defines what the MX records should be for a domain, therefore preventing DNS query interception to redirect to another MX record by a malicious party.