|
|
|
|
|
|
by jrodom
3755 days ago
|
|
|
On issue #1, we're going to update the language around this in our control panel and put together better documentation. In reality, having MX records are important to allow for sender address verification [1], which many SMTP servers require. On issue #2, Thanks and apologies for the slow response, This ticket slipped under our radar. To give you a quick answer: we'll look into the approach you described in your blog post as well as RFC 6376. It seems legit but we'll need to do some more testing to ensure that deliverability does not suffer due to changing how we sign messages. If deliverability does suffer, we can always make this something that is an optional security setting that can be toggled, like how you can enable and disable TLS certificate validation now. Our security engineer will take a look and reach out to you with more details in the ticket. [1] https://en.wikipedia.org/wiki/Callback_verification |
|
|