On 12/04/2019 17:09, Scott Kitterman wrote:
On Friday, April 12, 2019 10:46:50 AM micah anderson wrote:
The site https://hardenize.com provides relatively decent Email reports,
along with other reports. It checks a number of things including certs,
MTA-STS, TLS-RPT, DANE, SPF, DMARC, and then also TLS. These are all
good checks and recommendations, with the exception of the TLS one: I do
not see how it's possible to meet their standards and provide an email
server on the internet. However, I could be wrong, so I'm interested to
know if I am.
If I followed their DMARC recommendation, that would translate into 90% of the
mail I send getting spam foldered or rejected. At a glance, I'm not convinced
this is any more than "let's make a list of all the things". For the parts I
looked at, I don't think it's all well thought through.
Scott K
I've been a beta tester on Hardenize for quite some time, and the service
is being developed by Ivan Ristic (SSLLabs). I'll leave it to him to
explain and defend the considerations made, but afaik recommendations
are based on reading the RFCs and TLS recommendations overall. Yes, some
attacks are not realistic because smtp != https. For what it's worth,
the service is very helpful in showing people in shirt & tie how things
are, and how they preferably should be. Likewise with the tests at
internet.nl, or MECSA (https://mecsa.jrc.ec.europa.eu/).
per