Die kürzlich veröffentlichte Cyber-Sicherheitsempfehlung "Upgrade für die E-Mail-Sicherheit" ist ein Paradebeispiel für die lösungsorientierte Zusammenarbeit zwischen verschiedenen Abteilungen im BSI. Nur so konnten wir praxisnahe Empfehlungen aussprechen, die auf Beobachtungen der echten Welt da draußen beruhen. Oft können Unternehmen, die E-Mails über eine eigene Domain senden und empfangen, nämlich schon mit überschaubaren Aufwand ihre Sicherheit deutlich verbessern.

https://www.bsi.bund.de/DE/Service-Navi/Presse/Alle-Meldungen-News/Meldungen/Upgrade-E-Mail-Sicherheit_250526.html

#MailSecurity #TeamBSI #SPF #DKIM #DMARC #STARTTLS #DNSSEC #DANE #MTASTS #TLSRPT

Think you have your email hosted with @protonprivacy's Proton Mail set up right?
Your DMARC, SPF, DKIM, and TLS-RPT are all in order because DNS is easy, but what about MTA-STS?

See @wonderfall's "Setting up MTA-STS with a custom domain on Proton Mail"

https://wonderfall.dev/mta-sts/

#MTASTS #DMARC #SPF #DKIM #TLSRPT #DNS #ProtonMail #Email

My presentation on #TLSRPT, which I gave at #FOSDEM25 this weekend, is online: https://video.fosdem.org/2025/k4601/fosdem-2025-5776-tlsrpt-comes-to-open-source.av1.webm

The audio is low volume because unfortunately my mic was muted for most of the time. Wearing a headphone worked for me when I watched ist.

I enjoyed giving a presentation on #TLSRPT yesterday at #fosdem25 very much. It brings the best out of me when I stand in front of an audience, especially when I’m given the opportunity to speak about email security. If you want to know more about #TLSRPT check my slides: https://sys4.de/fosdem/tlsrpt.html.

Going to FOSDEM? Join me at the „modern email“-track https://fosdem.org/2025/schedule/track/modern-email/ and listen to my presentation on TLSRPT: https://fosdem.org/2025/schedule/event/fosdem-2025-5776-tlsrpt-comes-to-open-source/

My company @sys4 developed a free low-level C-library and a tlsrpt-reporter so TLSRPT can come to Open Source. Together with Wietse Venema we’ve implemented it in Postfix. The upcoming version 3.10 will ship it: https://www.postfix.org/TLSRPT_README.html. Documentation to show you how to set the report service up and use it is on the way.#postfix #TLSRPT

Claudia Plattner, President of German BSI, has just been featured in an article on email security in eco's dotmagazine. It's a wake up call and invitation to enhance email security in a joined effort :blobs:

I like it :ablobsmile:

https://www.dotmagazine.online/issues/digital-security-trust-consumer-protection/enhancing-email-security

#SPF #DKIM #DMARC #DANE #TLSA #MTASTS #TLSRPT #Mailsecurity #TeamBSI @bsi

The Internet Security Days 2024 marked the starting point for a new effort by eco and @bsi to raise adoption of modern email security standards across Germany and worldwide. I'm honored that I was allowed to shape some of the contents of this great event and mailsecurity is finally getting the attention it deserves 💌 :blobcatthx:

https://international.eco.de/news/internet-security-days-2024-it-security-for-email-ai-and-nis2/

#DMARC #SPF #DKIM #DANE #TLSA #MTASTS #TLSRPT #Mailsecurity #TeamBSI

#MTA-STS is een light versie van #DANE, maar lastiger op te zetten. Heb je eenmaal #DNSSEC, dan kun je beter DANE toepassen.

Interessant is dat je #TLSRPT ook in combinatie met DANE kunt gebruiken!

#InternetSecurity #infosec

did _not_ install MTA-STS today, as it's a mere quick-fix for mail domains that don't have DNSSEC yet. But I did install TLSRPT on my DNSSEC & DANE enabled domains. First (empty, cause everything is fine) reports from Google are coming in 👍

#DNSSEC #DANE #TLSRPT #DNSsecurity #InternetSecurity

I very much recommend this article on #EmailSecurity written by my colleague Kristina for eco's dotmagazine :blobcatreading: It'll give you a brief overview on both of our Technical Guidelines (BSI TR-03108 and BSI TR-03182) and what we released them for 😀👍

https://www.dotmagazine.online/issues/building-trust-in-the-digital-world/trust-2024-csa-summit/secure-email-communication

#SPF #DKIM #DMARC #DANE #TLSA #MTASTS #TLSRPT #Mailsecurity #TeamBSI

#Email can be confusing. There's the big three -- #SPF, #DKIM, and #DMARC -- but do you know how to test #MTASTS, #DANE, #TLSRPT, or #BIMI? And what about #DNSSEC?

My colleagues have asked me the same questions, so my new#opensource #PowerShell module goes out to every sysadmin, #Office365 administrator, account manager, #mailsec worker, and help desk technician out there. MailPolicyExplainer will explain it all to you. https://github.com/rhymeswithmogul/MailPolicyExplainer

Hey @Vivaldi noticed that vivaldi.net is one of the all-greens on Hardenize.
I'd move my mails to vivaldi.net, but I have size worries, still use other providers, & own domain.
Do you have any plans to implement paid size plan, & features like automatic IMAP fetch, external sending SMTP, own domain management?

#vivaldi #netsecurity #netsec #websecurity #websec #mailsecurity #mailsec #dnssec #dane #tls #tlsrpt #mtasts #spf #dmarc #dkim #security #privacy

Every SMTP TLS Reporting (RFC 8460) tutorial anywhere suggests adding #TLSRPT DNS records to *receive* TLS reports. From whom? If no-one (except for Google) is sending them, how would everyone magically receive any? We need a solution & tutorials for sending SMTP TLS reports, too! Do you know any?