computerlarry

asked on

SMTP Strict Transport Security (SMTP STS) and OpenDNS and Yahoo Email on iMac Apple Mail

Can OpenDNS help secure a Yahoo IMAP account on the Apple Mail program by providing something similar to "special DNS records added to the email server’s domain name"? (Please see the description of SMTP STS below the dashed line.)

A user with a Yahoo email account was prevented from accessing Yahoo via IMAP and the Apple Mail program because apparently the Apple Mail app doesn't support SMTP STS. The user doesn't wish to stop using the Apple Mail program. I had them change their Yahoo mail settings to "Allow apps that use less secure sign in" so that they could continue to receive email using IMAP.

The user is a customer of Cisco OpenDNS Umbrella with an actively protected network.

How well are they protected?

Thank you

------------------------
"The newly proposed SMTP Strict Transport Security (SMTP STS) addresses both of those issues. It gives email providers the means to inform connecting clients that TLS is available and should be used. It also tells them how the presented certificate should be validated and what should happen if a TLS connection cannot be safely negotiated.

These SMTP STS policies are defined through special DNS records added to the email server’s domain name. The protocol provides mechanisms for clients to automatically validate these policies and to report back on any failures."
ASKER CERTIFIED SOLUTION
gheist
computerlarry

ASKER

Would the CISCO OpenDNS be similar to the "Special DNS Records" referred to in the spec for SMTP STS?
No idea about OpenDNS.
The SMTP STS draft uses TXT DNS records and should work on any DNS server from the last 30 years.

You have problems with the IMAP SHA1 cert and SSL v3.0 being disabled, and you must upgrade your mail client.
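
The TXT-record mechanism mentioned above, as an added example that is not part of the original thread: a Python sketch of how a sending mail server evaluates such a policy. It assumes the syntax in which SMTP STS was later standardized (MTA-STS, RFC 8461) rather than the draft's, and the sample record, policy text and host names are constructed.

```python
import re

# Constructed samples. In RFC 8461 the TXT record at _mta-sts.<domain> only
# signals that a policy exists; the policy text itself is fetched over HTTPS.
SAMPLE_TXT = "v=STSv1; id=20160831085700Z;"
SAMPLE_POLICY = """version: STSv1
mode: enforce
mx: mail.example.com
mx: *.example.net
max_age: 604800
"""

def parse_txt_record(txt):
    """Return the policy id from an MTA-STS TXT record, or None if invalid."""
    fields = [f.strip() for f in txt.split(";") if f.strip()]
    if not fields or fields[0] != "v=STSv1":  # version field must come first
        return None
    kv = dict(f.split("=", 1) for f in fields if "=" in f)
    pid = kv.get("id", "")
    return pid if re.fullmatch(r"[A-Za-z0-9]{1,32}", pid) else None

def parse_policy(text):
    """Parse the key/value policy file into a dict with a list of mx patterns."""
    policy = {"mx": []}
    for line in text.splitlines():
        if ":" not in line:
            continue
        key, value = (p.strip() for p in line.split(":", 1))
        if key == "mx":
            policy["mx"].append(value.lower())
        else:
            policy[key] = value
    if policy.get("version") != "STSv1":
        raise ValueError("unsupported policy version")
    if policy.get("mode") not in ("enforce", "testing", "none"):
        raise ValueError("invalid mode")
    policy["max_age"] = int(policy["max_age"])
    return policy

def mx_allowed(policy, mx_host):
    """True if the MX host matches a policy pattern (wildcard = one label)."""
    host = mx_host.lower().rstrip(".")
    for pattern in policy["mx"]:
        if pattern.startswith("*."):
            if "." in host and host.split(".", 1)[1] == pattern[2:]:
                return True
        elif host == pattern:
            return True
    return False

def should_deliver(policy, mx_host, tls_cert_valid):
    """Sender-side decision: only mode 'enforce' refuses delivery on failure."""
    ok = tls_cert_valid and mx_allowed(policy, mx_host)
    return ok or policy["mode"] != "enforce"
```

The policy applies to server-to-server SMTP delivery; the check runs on the sending mail server, not in an IMAP mail client.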