Re: [exim] EBL: blacklist for email addresses in Reply-To an…

Author: Jan Ingvoldstad
Date:  
To: exim users
Subject: Re: [exim] EBL: blacklist for email addresses in Reply-To and message bodies
On Thu, Jun 29, 2017 at 10:36 AM, Jeremy Harris <jgh@???> wrote:
> On 28/06/17 20:27, Phil Pennock wrote:
>> There could stand to be some privacy implications discussion too --
>> you're sending out, over the wire in unencrypted DNS packets, a
>> predictable derivation of the Reply-To: header received for every email
>> from a given domain.
>
> Perhaps we need DNS-over-TLS?


RFC 7858 (https://tools.ietf.org/html/rfc7858)

But that only solves the issue partially.

Additionally, there is already a lot of DNS information leakage
regarding incoming (and often outgoing) e-mail.

There are DNS lookups for the sender and recipient domains, and in the
case of spam filtering, there are often additional DNS lookups in
DNSBLs for URIs found in the message content.

Ensuring that the sending clients, outgoing MTA, the relay(s),
the MXes, and the recipient spam plugins and antivirus and receiving
clients all do DNS via TLS seems like a very long way in coming.

Just look at the DNSSEC uptake. DNS over TLS is not going to happen
soon enough to make a difference here. :(
--
Jan