Considering that DMARC, DKIM and SPF are all setup via DNS and are email protections. Would it not be prudent to also include checking and validation for the DNS based MTA-STS potocal and policy, checking the domain or hostname for an MTA-Strict Transport Security (MTA-STS) DNS TXT record and also for a valid MTA-STS Policy. When published, MTA-STS policies provide enhanced inbound protection for email being sent to your domain. This enhancement requires inbound mail being sent to your domain to be both authenticated (via proper Certificates) and encrypted (via TLS 1.2 or higher)?
MTA-STS also prevents spoofing and MITM attacks.
TLS-RPT is a standard that allows servers to report any issues, especially delivery failures, during the TLS encryption process. It is generally used with other security protocols that enforce TLS encryption, including MTA-STS, DANE, and STARTTLS.
Considering that DMARC, DKIM and SPF are all setup via DNS and are email protections. Would it not be prudent to also include checking and validation for the DNS based MTA-STS potocal and policy, checking the domain or hostname for an MTA-Strict Transport Security (MTA-STS) DNS TXT record and also for a valid MTA-STS Policy. When published, MTA-STS policies provide enhanced inbound protection for email being sent to your domain. This enhancement requires inbound mail being sent to your domain to be both authenticated (via proper Certificates) and encrypted (via TLS 1.2 or higher)?
MTA-STS also prevents spoofing and MITM attacks.
TLS-RPT is a standard that allows servers to report any issues, especially delivery failures, during the TLS encryption process. It is generally used with other security protocols that enforce TLS encryption, including MTA-STS, DANE, and STARTTLS.