Modern Email
Online tooling to check mail config [internet.nl etc.]
<p>This talk I will go over some FOS (online) tooling to check your mail config. Some common misconfigurations in DNS. Why you should probably want to avoid <code>www CNAME @</code>, and how to config other observations from the <a href="https://www.forumstandaardisatie.nl/metingen/informatieveiligheidstandaarden">biannual measurements</a> of scanning more than 10.000 governmental host names in The Netherlands. After this talk you'll know at least one DNS or security improvement for your own or organization domain, or something to monitor for your email.</p>
<p>Online tools:
- <a href="https://github.com/internetstandards/Internet.nl/">the free open source</a> <a href="https://internet.nl">Internet.nl</a> (in the project team) [IPv6, DNSSEC, SPF, DMARC, DKIM, STARTTLS, DANE inbound]
- <a href="https://github.com/internetstandards/havedane/">the free open source</a> <a href="https://havedane.net/">haveDANE.net</a> (adopted/hosted by platform behind internet.nl) [interactive DANE outbound]
- <a href="https://github.com/zonemaster/zonemaster/">the free open source</a> <a href="https://www.zonemaster.net/">zonemaster.net</a> [DNS]
- <a href="https://github.com/dnsviz/dnsviz/">the free open source</a> <a href="https://dnsviz.net/">DNSViz.net</a> [DNS]</p>
<p>Run yourself:
- <a href="https://codeberg.org/glts/spftrace">the free open source</a> <a href="https://docs.rs/crate/spftrace/latest">spftrace</a> [SPF]
- <a href="https://github.com/testssl/testssl.sh">the free open source</a> <a href="https://testssl.sh/">testssl.sh</a> [STARTTLS]</p>
<p>And a split second for some links to non FOS tooling that is useful, and maybe be made open source (there is no sell of a product nor ads), or should be re-created:
- https://www.email-security-scans.org
- https://www.huque.com/bin/danecheck-smtp
- https://dane.sys4.de</p>
<p>(Free but commercial that needs a FOS alternative: https://www.mail-tester.com & https://emailspooftest.com)</p>
<hr />
<p>In 2025 I gave a 45 minute talk on WHY2025 <a href="https://media.ccc.de/v/why2025-258-how-not-to-configure-your-domainname-internet-nl">How (not) to configure your domainname [internet.nl] (recording)</a> about internet standards / misconfigurations in both website and email space. In this talk I want to focus on the mail part and (online) free open source tooling to check your mail config.</p>
<p>This presentation will touch on:
- DNSSEC (<a href="https://datatracker.ietf.org/doc/html/rfc4033">RFC 4033</a> and many more), some common failures (e.g. CNAME's)
- why not CNAME to your apex domain (if you have an Mx record)
- use Null MX (<a href="https://datatracker.ietf.org/doc/html/rfc7505">RFC 7505</a>) (if you don't use mail on a hostname)
- why configuration SPF (<a href="https://datatracker.ietf.org/doc/html/rfc7208">RFC 7208</a>) on all hostnames
- why there are more reasons to avoid CNAME's
- why enable DANE (<a href="https://datatracker.ietf.org/doc/html/rfc6698">RFC 6698</a>) and TLSRPT (<a href="https://datatracker.ietf.org/doc/html/rfc8460">RFC 8460</a>) and why it's superior to MTA-STA (<a href="https://datatracker.ietf.org/doc/html/rfc8461">RFC 8461</a>), how to rotate DANE
- why monitoring matters (IPv6, DANE, SPF, etc.)</p>
Additional information
| Live Stream | https://live.fosdem.org/watch/k4201 |
|---|---|
| Type | devroom |
| Language | English |
More sessions
| 1/31/26 |
<p>Introduction to the Modern Email DevRoom</p>
|
| 1/31/26 |
<p>There are almost half a dozen new opensource webmail systems that you can host yourself now, after a decade of little development. One of them is so good that after testing it for my work, I've grown to use it almost every day privately. Several of their developers attend FOSDEM this year and may talk about their software in depth, this talk covers them as a group. It's mostly for an audience that (may) want to self-host (again).</p> <p>What sets the new webmail systems apart from the old ...
|
| 1/31/26 |
<p><a href="https://opencloud.eu/en">OpenCloud</a> is a production-ready Open Source "Drive" solution for storing and sharing files, and we are adding a Groupware stack to all that.</p> <p>We'd like to present our concept (especially regarding the integration of the other services in our stack, namely OpenCloud Drive and <a href="https://opentalk.eu/en">OpenTalk</a>) as well as what we have so far in terms of our implementation, which extensively uses JMAP in its middleware, in combination with ...
|
| 1/31/26 |
<p>Parula: Updates on the progress</p> <h3>Apps</h3> <ul> <li>Calendar and invitations</li> <li>WebApps</li> </ul> <h3>Protocols</h3> <ul> <li>SML: Poll, Meeting time poll, Book me</li> <li>JMAP Contacts - First app to support this new RFC standard</li> <li>JMAP Calendar (soon)</li> </ul> <h3>Platforms</h3> <ul> <li>Mobile apps for Android and iOS app (alpha)</li> </ul> <h3>Links</h3> <ul> <li><a href="https://parula.app">Website</a></li> <li><a ...
|
| 1/31/26 |
<p>In 2025, Thunderbird did something it hasn't done in over 20 years, since before even its first stable release in 2004: it grew built-in support for a new email platform. This new platform is Microsoft Exchange, the backbone of some of Microsoft's biggest communications and productivity tools.</p> <p>This talk will briefly go over the step we took to try to define how to support new platforms and protocols in an old code base, and the challenges we encountered as we worked our way towards ...
|
| 1/31/26 |
<p>An update to my 2018 KDE Kontact / E-Mail talk showing the status and problems of an enterprise user of Kmail and Co. This was eight years ago, let's check what has changed and where we need to do better:</p> <p>https://www.youtube.com/watch?v=H8SVe6wISmY "Having been a KDE user almost from the start, over the years I have learnt lots of troubleshooting, hacking and optimizing settings in Kmail, Kontact, KDE and Akonadi. And I would like to share and learn more :-)</p> <p>I am using Kontact ...
|
| 1/31/26 |
<p>A fast-forward dialog about the state of email and security.</p> <p>In our talk we will point out real examples and funny stories as well as some interesting tools and how to combine them into a holistic mail security concept.</p> <p>We will cover famous things like the need of unencrypted Pop3, FOME - the fear of missing email, postmasters nightmare with dmarc, dkim, spf in between security and comfort focused users, arc - the layered chain of postmasters of trust - and many more. Yes, ...
|
