On February 15th, I had the great pleasure of being a guest on RunAs Radio. I joined host Richard Campbell to discuss email transport security, including:
- Introductions
- Coauthoring Office 365 for IT Pros 8th Edition
- Clarifying the acronym soup
- Collecting all 11 RunAs Radio mugs
- Where is Exchange vNext?
- What happens to mail relay if we eliminate our last on-prem Exchange Server?
- How to make email transport more secure
- Forced TLS vs. Opportunistic TLS
- DANE for SMTP (DNS-based Authentication of Named Entities)
- MTA-STS (Mail Transfer Agent Strict Transport Security)
- DANE versus MTA-STS versus Forced TLS
- How to make individual messages more secure
- Should we use S/MIME?
- Need for Office 365 Message Encryption in addition to transport layer security (TLS)
- Office 365 Message Encryption versus Advanced Message Encryption
- Challenges of Multi-Factor Authentication (“MFA”)
- M365 Maps by Aaron Dinnage
- Domains that do not send email should have Sender Policy Framework (SPF) records
- Homoglyph attacks
- Closing thoughts

Opinion change: Since recording, I think that even if the MTA-STS TXT record were the victim of a man-in-the-middle attack, it probably would not be much of an issue. If the bad actor changed the ID in the TXT record, it would simply tell the sender to pull a new policy from a website the recipient owns and controls. As mentioned in the podcast, I believe DANE is the more secure solution. Be sure to consult with your security team about which solution best suits the needs of your organization.
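The TXT-record point above can be seen in code. This is an added Python example, not code from the podcast or its author: it parses a constructed `_mta-sts` TXT record and policy file (the domain, id and MX names are hypothetical) and shows that the DNS record carries only a version and a policy id, so a changed id merely prompts the sender to refetch the policy from the recipient's HTTPS site, which is then what decides whether an MX host is acceptable.

```python
import re

# Constructed sample data (hypothetical domain): what a sending MTA would see in DNS and over HTTPS.
STS_TXT = "v=STSv1; id=20240215T120000"          # TXT at _mta-sts.example.com
POLICY_TEXT = """version: STSv1
mode: enforce
mx: mail.example.com
mx: *.backup.example.com
max_age: 604800
"""  # body served from https://mta-sts.example.com/.well-known/mta-sts.txt


def parse_sts_txt(txt):
    """Return the policy id from an _mta-sts TXT record, or None if the record is invalid."""
    fields = {}
    for part in txt.split(";"):
        if "=" in part:
            key, value = part.strip().split("=", 1)
            fields[key.strip()] = value.strip()
    # RFC 8461: id is 1 to 32 alphanumeric characters; nothing else lives in the TXT record.
    if fields.get("v") != "STSv1" or not re.fullmatch(r"[A-Za-z0-9]{1,32}", fields.get("id", "")):
        return None
    return fields["id"]


def needs_refetch(txt, cached_id):
    """A new id only signals 'fetch the policy again'; an invalid record is no reason to drop a cached one."""
    new_id = parse_sts_txt(txt)
    return new_id is not None and new_id != cached_id


def parse_policy(text):
    """Parse the HTTPS-served policy body into a dict; return None if version or mode is unusable."""
    policy = {"mx": []}
    for line in text.splitlines():
        if ":" not in line:
            continue
        key, value = (s.strip() for s in line.split(":", 1))
        if key == "mx":
            policy["mx"].append(value.lower())
        else:
            policy[key] = value
    ok = policy.get("version") == "STSv1" and policy.get("mode") in ("enforce", "testing", "none")
    return policy if ok else None


def mx_allowed(policy, mx_host):
    """Check an MX hostname against the policy; a leading '*.' matches exactly one leftmost label."""
    host = mx_host.lower().rstrip(".")
    for pattern in policy["mx"]:
        if pattern.startswith("*."):
            if "." in host and host.split(".", 1)[1] == pattern[2:]:
                return True
        elif host == pattern:
            return True
    return False
```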
RunAs Radio #818 – Email Transport Security