Open thorsheim opened 8 years ago
1/2 are doable.
3 is not a point of this extension, there are others which can do SPF and related checks (and I'm using them).
4 would be nice but I have no idea how to execute it in the Mozilla API. Also, how would it work? There is no information about cert fingerprints in the email headers, so we would check what exactly? Existence of TLSA, without verifying?
Thanks for the ideas, if you feel like implementing either of them the patches are welcome
Another suggestion: Instead of relying on the headers to passively identify secure emails, rely on active identification such as correlating the intermediate mail servers with their corresponding results from a tool like: https://ssl-tools.net/mailservers