View Single Post
Old 17 Oct 2016, 03:08 PM   #307
dgcom
Junior Member
 
Join Date: Jan 2010
Location: US, New Jersey
Posts: 22
Quote:
Originally Posted by brong View Post
fastmail.com. IN MX 5 evilhost.evilsite.com
Yeah, you are correct... I stopped caring over SMTP servers for some time already and forgot that MX record is also resolved indirectly, like this. But shouldn't DNSSEC take care of this? And better analysis of SPF - in order to hide itself complitely, active proxy would have to spoof both sides of the transport connection...

But look - my point from the beginning was this - I, personally, don't trust mail transport encryption - because of all discussed above. If I have to, I'll encrypt message itself - PGP or S/MIME...

What I care is a reputation of the provider I use - if there is a widely available tool, which shows that FastMail is inferior - that's a bad sign... And needs to be fixed, even if it does not help from technical point of view that much...
dgcom is offline   Reply With Quote