Feature requests

[thorsheim]

• Display SSL/TLS cipher suites used (for each step)
• ^^ using a graded score (see starttls.info for grading of RFC3207 starttls support on smtp servers)
• Integrate SPF check (& DKIM / DMARC)
• Integrate DANE TLSA checks (RFC7662) for verification of domain/host(s) from start to finish.

[gjedeer]

1/2 are doable.

3 is not a point of this extension, there are others which can do SPF and related checks (and I'm using them).

4 would be nice but I have no idea how to execute it in the Mozilla API. Also, how would it work? There is no information about cert fingerprints in the email headers, so we would check what exactly? Existence of TLSA, without verifying?

Thanks for the ideas, if you feel like implementing either of them the patches are welcome

[TjWallas]

Another suggestion: Instead of relying on the headers to passively identify secure emails, rely on active identification such as correlating the intermediate mail servers with their corresponding results from a tool like: https://ssl-tools.net/mailservers