[AusNOG] Issues receiving from TPG Mail servers.

Mal malz at jetlan.com
Mon Jul 23 20:54:58 EST 2018

On 23/07/2018 7:04 PM, James Hodgkinson wrote:
> I think we all need to step back a bit, let OP do what his auditor feels
> is right, then thank him on behalf of EFF’s StartTLSEverywhere
> project... [1]
> ;)
> James
> [1] https://starttls-everywhere.org

Whilst i agree with the early comments that SMTP might not be the best
exchange mechanism here for the actual payment card information, this
could be a solution using of a pair of MTAs configured with DANE TLSA

Using StartTLS with DNSSEC and DANE TLSA in place would likely have PCI
compliance, as you can guarantee the end-to-end hosts, and guarantee TLS
usage.  The participating MTAs would need to be configured for 'DANE
only' to ensure compliance.  Therefore, not part of any general email
infrastructure, as most domains lack DNSSEC signing in the first place,
let alone anything else.


More information about the AusNOG mailing list