The Email Security Geek

Ramblings, guides and more about email security

At long last, and without much fanfare but a mere byline in the new macOS Monterey website, Apple has launched support for custom domains in iCloud+. For those who did not watch the keynote, iCloud+ is just a new name for the paid tiers of iCloud. If you've bought extra storage, then you've got iClo...

Web Key Directory (WKD) allows hosting of public PGP keys without maintinaing a Web Key Server (WKS). This way, compatible services can automatically fetch a recipient's public PGP key and seamlessly encrypt messages without needing to ask the recipient for their key beforehand.

Part of deploying MTA-STS is having access to a web server that is secured by SSL. If you don't currently have access to one, it becomes a roadblock in the deployment process. This article will show you how to use GitHub Pages to host the MTA-STS policy if you don't have a web server available.

MTA-STS (Mail Transfer Agent Strict Transport Security) is a new standard (defined in RFC8461) that aims to improve the security of SMTP by enabling domains to opt into a mode that requires authentication with valid public certificates and encryption (TLS). MTA-STS forces a TLS connection, preventing suppression of the STARTTLS upgrade, and defines what the MX records should be for a domain, therefore preventing DNS query interception to redirect to another MX record by a malicious party.