It's worth noting that the _mta-sts record can *also* be a CNAME, and a host's policy can be served *generically* via a reverse proxy + ACME CA. This means that if you host your MX on (e.g.) O365 or GSuite, MTA-STS can be as easy as two CNAMEs.
-
-
-
Sure, but if those CNAMEs point at the mail provider, then you still have the problem that changing your MX record requires updating three things. It's better than nothing, but it's still the DNS provider who should be taking care of it.
- 4 more replies
New conversation -
-
-
I'm not overly worried about misconfigurations, because they'll be spotted pretty quickly. "gmail can't send me mails" is usually noted pretty fast.
Thanks. Twitter will use this to make your timeline better. UndoUndo
-
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.