email/README.md
2024-04-24 15:37:05 +02:00

7.5 KiB

email

Information about how to configure email servers, services, etc.

Note: Some content is focused on Germany.

Verbindungen

  • E-Mail-Client <--> E-Mail-Server
  • E-Mail-Server <--> E-Mail-Server <-- in diesem Repository geht es hauptsächlich um diese Art von Verbindungen.

Wichtige Funktionen

  • SPF
    • Sender Policy Framework
    • https://en.wikipedia.org/wiki/Sender_Policy_Framework
    • SPF is an email validation protocol designed to detect and block email spoofing by verifying sender IP addresses against the email domain's authorized senders list published in DNS records.
  • DKIM
    • DomainKeys Identified Mail
    • https://en.wikipedia.org/wiki/DomainKeys_Identified_Mail
    • DKIM is an email authentication method that allows the receiver to check that an email claimed to have come from a specific domain was indeed authorized by the owner of that domain through cryptographic signatures.
  • DMARC
    • Domain-based Message Authentication, Reporting and Conformance
    • https://en.wikipedia.org/wiki/DMARC
    • DMARC is an email authentication, policy, and reporting protocol that builds on SPF and DKIM to enhance the domain owners' ability to prevent their domains from being used for email spoofing, phishing scams, and other cybercrimes.
  • DNSSEC
  • DANE
    • DNS-based Authentication of Named Entities
    • https://en.wikipedia.org/wiki/DNS-based_Authentication_of_Named_Entities
    • DANE is a protocol used to secure internet connections by allowing DNS records to specify what certificates are trustworthy for a given domain, preventing attacks on the TLS (Transport Layer Security) protocol.
    • DANE can only be used effectively if DNSSEC is enabled.
  • MTA-STS
    • Message Transfer Agent, Strict Transport Security
    • https://en.wikipedia.org/wiki/MTA-STS
    • MTA-STS is a security standard used to enforce transport layer (TLS) encryption and authenticate email in transit between servers, preventing interception and tampering by mandating HTTPS for SMTP connections.
    • With MTA-STS a TLS encryption is enforced while with StartTLS a TLS encryption is optional.

Testing

Testing Allgemein

Testing DNSSEC

DNSSEC New

Wissen

Hoster

Allgemein

Microsoft

Hoster: IONOS

Hoster: Strato

Hoster: Hetzner

DNSSEC

Welche Hoster, Internetdienstanbieter, etc. unterstützen DNSSEC und welche nicht?

DNSSEC wird unterstützt

  • IONOS (1&1)
  • Strato
  • Microsoft Outlook 365

DNSSEC wird nicht unterstützt

  • Hetzner

Prüfen