### Tek's Domain


# How DNSBLs Work

If you’ve dealt with email for any longer than 5 minutes (as an administrator), you already know it’s a mess. There are so many security measures, so many checks, so many things to combat bad actors and spam. What if we had some way to have a service publish a list of bad IPs, and mail servers could quickly check that list mid-transaction so they have up-to-date information on whether the in-flight message should actually be accepted or not?

Well, we have exactly that. Enter: the DNS Blacklist.

# MTA-STS Is a Thing... Well Then (also feat. TLSRPT)

If you’re just curious, MTA-STS relates to SMTP, in the same way that HSTS relates to HTTP. Except, naturally, it relies on, you get three guesses… yes, DNS. And this is what it is, and how to set it up.

# Publishing SSH Fingerprints in DNS

So here’s the thing about SSH: The first time you connect to a server, you have no real idea of if that’s legitimate or not, right? Well, you could compare the key fingerprint to the fingerprint that the server admin gave you and make sure they match, but nobody does that.

Well… there is a way. Using everyone’s favorite always-broken service, DNS.

# PGP Key Discovery Mechanisms Explained

Okay, the final thing on PGP, after talking about PGP itself and about signature and trust levels, is how you can get someone else’s public key.

There are a few common ways to do this:

• Keyservers
• Web Key Directory
• DNS
  • CERT record
  • PKA TXT record
  • DANE OPENPGPKEY record

Let’s discuss how they all work.