Haha! Cheers 🙂

Thanks

I'll add it to the ideas list, thanks!

Thanks 🙂

You're welcome 🙂

You don't have to use MTA-STS, but it is another security improvement you can add to your list.

@Pro Trch Show thanks for the answer. Then I don't understand what's the difference between activating the "RequireTls" option and using MTA STS. If RequireTLS ensure the use of TLS and not StartTLS then there is no issue with possible MITM attacks which could remove the 250 STARTTLS and then MTA STS is useless, no ?

@@arbilus5296 enforcing TLS on your receive connector won't prevent MitM because the sender only becomes aware of your enforcement once they've connected to your server. If someone positions themselves in the middle they can offer plaintext to the sender and that's all they will see. Your RequireTLS setting only forces the attacker to connect securely to you if they want to pass the message on. If you had MTA-STS set up then the sender could see your policy to require authenticated TLS before they attempted a connection and would refuse to use the MitM service that didn't match your MTA-STS policy.

It's a topic by itself to cover encryption and digital signatures, but... Usually, they're stored as files or a registry value - but data either way. They can be used for many purposes, but generally speaking they provide proof of identity, proof data hasn't been changed, and a key that can be used to send encrypted data to the owner of the certificate. For a website you'd use it to prove the identity of the website and to encrypt your connection to it. With software you'd use it to prove the author of the software and that it hasn't been tampered with. With email you'd use it to encrypt an email and/or prove the identify of the sender.

@@ProTechShow thank you❤️

Many a person has declared email dead over the years, but so far its use grows year-on-year. I'll believe it when I see it! Instant messaging serves a different use case, so I think we'll see both continue. The other big difference is that email is completely interoperable and has no vendor lock-in. I can move my mailbox from Microsoft to Google and it'll keep working and keep communicating with anyone on any platform. If you try to do the same Teams to Slack then keeping your data intact will be a nightmare and you can't talk to anyone on a different service (with some exceptions).

TBH I haven't been following the Parler stuff very closely. My biggest surprise is that people are surprised. If you use someone else's platform you play by their rules. There are plenty of other places to go... whether on-prem or cloud. I don't think it'll bother most companies as they're not likely to cause AWS a PR headache. If going full cloud it's not a bad idea to have a backout plan just in case, though. This scenario might not be likely to affect the average person, but what if AWS cranked the price up significantly? It's always useful to have a plan B so no one vendor can bend you over a barrel.

You're welcome

Hello. Interesting. I haven't come across that over here yet. I suspect interoperability would be a barrier to adoption. Technologies like MTA-STS and TLS are backwards compatible with traditional email, whereas it sounds like PEC only talks to PEC and there are a limited number of approved providers to choose from. Is it being promoted by the Italian government? It feels like something that would need to achieve a certain critical mass before people would be likely to use it over here.

@@ProTechShow Si è giusto. Per poter funzionare entrambe le caselle devono essere 'PEC". Tuttavia tieni presente che gli standard di sicurezza sono elevati di conseguenza garantiscono che il messaggio sia inalterabile, protetto ed arrivi con certezza nella casella di destinazione perché i provider invia due ricevute di accettazione ed avvenuta consegna. Lo so che fuori dall'Italia non esiste questa cosa ma se tutti la adottassero saremmo più sicuri da occhi indiscreti.