Page 1 of 1

Why it is good for you

Posted: Mon Dec 09, 2024 9:55 am
Along with privacy, security is one of our key priorities. We work very hard to provide our users with the most private and secure experience when using Mailfence. Many users, such as journalists or dissidents, use our service for sensitive communications. They are often targeted by advanced persistent threats. Over the past few years, we have launched a variety of new features to improve the security of all Mailfence users.

From DANE to MTA-STS, WKD and VKS, let's take a list of bosnia and herzegovina whatsapp phone numbers look at our security enhancements that help protect your data.

Mailfence - Get your free and secure email.

4.1 based on 177 user reviews


DNS-based Authentication of Named Entities (or DANE) and Mail Transport Agent Strict Transport Security (or MTA-STS) are two separate protocols that essentially address the same problem, commonly referred to as a downgrade attack . Simply put, an attacker is able to remove the encryption layer during the transport of emails. Therefore, it is important to have a mechanism in place to ensure that encryption is preserved in transport as emails move from one account to another.

In the early days of the Internet, servers sent and received email in plain text, without transport layer encryption. This meant that anyone monitoring the network could read or modify the message. After the advent of TLS, the email standard was adapted to include transport encryption if both the sending and receiving servers support it. However, attackers still have the ability to trick the sending server into passing plain text email if it advertises that the server does not support transport layer encryption.


How it works
MTA-STS is a protocol that guarantees email delivery using transport encryption (not to be confused with end-to-end encryption ) if the receiving server supports it. The sending email server looks up and finds the MTA-STS policy of the receiving mail server. Depending on what the receiving server's MTA-STS policy is, it will reject any attempt to remove the transport encryption layer. The sending server relies on a long cache time to prevent transient attacks. However, it has one drawback: each mail server must maintain its own cache. Also, a domain owner can set an MTA-STS policy, but has no way to enforce it.