On 1/31/19 2:10 AM, Jeremy Harris via Exim-users wrote:
> On 31/01/2019 09:47, sqit via Exim-users wrote:
>> Forgive me if there has already been a thread on this but I didn't see one. Is MTA-STS policy validation being considered for the Exim development roadmap?
>
> Not by me. The requirement to involve an http server puts me off.
>
> I can't speak for other Exim devs, and contributions are generally
> welcome - if they come with testsuite coverage and preferably some
> indication of actual use in-the-wild.
>
One thing I am hoping is that an update to the standard will be
published that allows the mode (enforce or testing or none) to be
published in the DNS record for MTA-STS.
When the zone is DNSSEC signed, the MX record could then be trusted and
there would be no need to query the https server.
Querying the https server would still be needed to secure the MX hosts
for zones that are not signed.
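
Added example, not part of the original message and not Exim code: how a sending MTA evaluates an MTA-STS policy under RFC 8461 today, where the mode is only available from the policy file fetched over HTTPS. The function names and the sample policy are constructed for illustration.

```python
# Added example; the policy body below is constructed sample data.
SAMPLE_POLICY = ("version: STSv1\r\nmode: enforce\r\n"
                 "mx: mail.example.com\r\nmx: *.mx.example.net\r\nmax_age: 86400\r\n")

def parse_policy(body):
    """Parse the mta-sts.txt body that was fetched over HTTPS."""
    policy = {"mx": []}
    for line in body.splitlines():
        key, sep, value = line.partition(":")
        if not sep:
            continue
        if key.strip() == "mx":
            policy["mx"].append(value.strip().lower())
        else:
            policy[key.strip()] = value.strip()
    if policy.get("version") != "STSv1":
        raise ValueError("unsupported policy version")
    if policy.get("mode") not in ("enforce", "testing", "none"):
        raise ValueError("invalid mode")
    if not policy.get("max_age", "").isdigit():
        raise ValueError("invalid max_age")
    policy["max_age"] = int(policy["max_age"])
    return policy

def mx_allowed(mx_host, policy):
    """Match an MX name from DNS against the policy's mx patterns."""
    host = mx_host.rstrip(".").lower()
    for pattern in policy["mx"]:
        if pattern.startswith("*."):
            # A wildcard covers exactly one left-most label.
            head, _, tail = host.partition(".")
            if head and tail == pattern[2:]:
                return True
        elif host == pattern:
            return True
    return False

def delivery_decision(mx_host, tls_ok, policy):
    """tls_ok: STARTTLS succeeded and the certificate validated for mx_host."""
    ok = tls_ok and mx_allowed(mx_host, policy)
    if policy["mode"] == "none" or ok:
        return "deliver"
    return "skip" if policy["mode"] == "enforce" else "deliver-and-report"
```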