Mailhardener

@KentBehrends @postmarkapp We sure do! Contact us via email and we'll have a chat

@mailhardener I was wondering if you had an API to access DMARC reports. I am writing a free iOS utility app for people who need to troubleshoot email. I've already integrated @postmarkapp DMARC reports and am looking for other vendors. Let me know!

@rwllr Hi Raphael, yes this actually already available for our MSP customers, and will eventually be rolled out to every tier.

@mailhardener is API access to reports/data on the roadmap?

We've released a new article that explains how to adopt DANE (TLSA) for SMTP with just a few OpenSSL commands. Read it here: mailhardener.com/kb/how-to-crea…

Do you have parked or other domains that are not used for email? You probably want to do some hardening! mailhardener.com/kb/hardening-u…

Introducing AIM and multi-tenant support! This enables new use-cases, such as isolating users to their own environment, or giving read-only access to auditors. Let us know what you think! mailhardener.com/blog/introduci…

Exciting times! Microsoft releases DANE (TLSA) support for email (and so did we!) mailhardener.com/blog/microsoft…

We are excited to introduce BIMI asset hosting as the latest addition to the Mailhardener email hardening suite! mailhardener.com/blog/introduci…

@freddieleeman I guess this is an example on how hard parsing can be. And how many subtle nuances there always will be between different parsers. Given how many various answers there are by various validators (including our own), you cannot just assume the receiver does it correctly.

@mailhardener RFC7208 #4.6.4: the number of mx resource records is included in overall limit of 10. Each can do up to 10 additional a/aaaa lookups. So when referring to the 'permerror' DNS lookup limit, the answer is (4xa + 3xmx) 7. This is confirmed by the SPF Tool created by the RFC author.

How many "additional DNS lookups" are triggered by cia.gov's SPF policy? ¯\_(ツ)_/¯

@freddieleeman The 'mx' and 'mx:cia.gov' rules in the SPF record are equal (thus duplicates), so there are 4*A and 2*MX lookups. Then, the two MX lookups result in 4 domain names, 2 of which were already in the SPF itself. So this adds 2 additional 'A' lookups. 4+2+2 = 8.

Confirmed: hosted Exchange (Office 365) unintentionally discloses BCC recipient domain to all other recipients, write here: mailhardener.com/blog/office-36…

mailhardener.com/blog/office-36… Office 365 is reported to leak the domain name of a BCC recipient in certain cases.

Ever had deliverability issues due to the SPF DNS lookup limit? Today we explain what this is, and how to fix it. mailhardener.com/blog/spf-looku…

@joffaMac @klos So the validator (mailhardener.com/tools/bimi-val…) tries to be as strict as possible, but the dashboard will show a green check for any BIMI selector. Having a BIMI record for your domain won't change the domain rating in the Mailhardener dashboard.

@joffaMac @klos The BIMI standard itself still in draft phase. The latest draft (BIMI-01) removed the support for a=self. The Mailhardener dashboard shows you that you have a BIMI selector (named 'default'), but it won't do validation yet. We'll add validation once the BIMI standard is final.

@mailhardener 1/2 Hi guys, I tested many similar apps, and I love Mailhardener. UX is great. The dashboard is easy to understand. Great step-by-step approach. The only thing I need that is missed right now is some help with the BIMI record. Please, add at least a validation!

@klos Hi Jan, just a followup on your message from the other day. Mailhardener now has BIMI validation and monitoring support! You can validate your domain here: mailhardener.com/tools/bimi-val…

@klos Hi Jan! Thanks for the kind words! :-) We are working on integrating BIMI validation, it'll be available soon! Keep an eye on mailhardener.com/tools/

Good news everyone! Microsoft has embraced SMTP TLS reporting, and is now sending SMTP TLS reports! mailhardener.com/blog/microsoft…

@klos Have you seen our knowledge base on everything about email hardening? mailhardener.com/kb/

2/2 Also, it would be great to have more guidelines about different settings, eg. what are the consequences of different MTA-STS modes? Some people recommend leaving "testing" until the standard will become more popular, etc. Besides that, great work.

New vulnerability disclosure on my blog! The Confused Mailman: Sending #SPF and #DMARC passing mail as any #Gmail or #GSuite customer ezh.es/blog/2020/08/t… #infosec