I have done some testing via my own tool and published results on
https://blog.lindenberg.one/EmailSecurityTest.
Gmx and web.de do support SMTP-DANE (with bugs), outlook and gmail don´t.
outlook and gmail also support MTA-STS at least partially. Proton support
SMTP-DANE inbound only. Yahoo don´t know (yet). Not sure the table (html) will
pass through the mailing list.
Web.de
Gmx
Gmail
Outlook
T-Online
SMTP-DANE
✓(1) / ✓
✓(1) / ✓
✗ / ✗
✓ / ✗
✗ / ✗
MTA-STS
✗ / ✗
✗ / ✗
✓(2) / ✓
✓ / ✓
✗ / ✗
SPF
✓ / ✓
✓ / ✓
✓ / ✓
✓ / ✓
✗ / ✗
DKIM
✓ / ✓
✓/ ✓
✓ / ✓
(3) / ✓
✗ / ✓
DMARC
(4) / ✗
(4) / ✗
(4) / ✓
(4) / ✓
✗ / ✗
outbound / inbound , ✓ supported, ✗ not supported.
1. SMTP-DANE buggy but ok with trusted certificates
2. MTA-STS policy caching not conforming to RFC 8461
3. *.com and customer domains yes, others using ARC
4. Policy contains (s)p=none
For customer domains, provider and owner need to cooperate
In essence 50%+ of German users can be reached with SMTP-DANE.
If you are missing your provider, trigger a test. SPF,DKIM,DMARC inbound
require a separate test (with hum interpration) that can be requested at
e...@it.lindenberg.one <mailto:e...@it.lindenberg.one> .
Regards,
Joachim
_______________________________________________
Postfix-users mailing list -- postfix-users@postfix.org
To unsubscribe send an email to postfix-users-le...@postfix.org
