Comprehensive collection of Messaging Security RFCs with search and categorization
28 RFCs found
Defines the REQUIRETLS SMTP extension that allows senders to require TLS for the entire message delivery path, preventing downgrade attacks.
Defines ARC, a protocol that allows an intermediate mail handler to preserve email authentication results.
Specifies which DNSSEC algorithms must, should, or must not be implemented by DNS software, including RSASHA256, ECDSAP256SHA256, and ED25519.
Defines S/MIME version 4.0, providing encryption and digital signing capabilities for email messages.
Earlier version of ARC protocol specification.
Documents conventions for underscore-prefixed DNS names used by various protocols including DMARC (_dmarc), DKIM (_domainkey), MTA-STS (_mta-sts), and TLSRPT (_smtp._tls).
Defines a reporting mechanism for domains to publish policies on how sending MTAs can report on TLS connectivity failures. The report is published via a DNS TXT record at _smtp._tls.{domain}.
Defines MTA-STS, a mechanism enabling mail service providers to declare their ability to receive TLS-secured connections and to specify whether sending MTAs should refuse to deliver to MX hosts that do not offer TLS with a trusted certificate. Published as _mta-sts.{domain} TXT record.
Deprecates the use of cleartext protocols for email submission and access, recommending TLS instead.
Defines how to use DANE with SMTP to authenticate mail servers and prevent man-in-the-middle attacks.
Provides updates and operational guidance for DANE, including best practices for TLSA record management and interaction with certificate authorities.
Defines DMARC, a mechanism for email authentication that builds on SPF and DKIM to provide domain-level authentication and reporting.
Defines the SPF protocol for email authentication, allowing domain owners to specify which mail servers are authorized to send email on their behalf.
Provides guidance on DNSSEC operational practices including key management, key rollover procedures, and algorithm selection.
Defines the TLSA DNS record type for storing TLS certificate information in DNS, enabling domain owners to specify which TLS certificates should be used for their services.
Defines DKIM, a method for associating a domain name with an email message, allowing verification of the message's origin.
Describes how to use STARTTLS with DANE (DNS-Based Authentication of Named Entities) for SMTP security.
Provides an overview of the Internet mail architecture, including components, protocols, and security considerations.
Defines the SMTP protocol for sending and receiving email messages over the Internet.
Defines the format of Internet messages, including headers, body, and MIME structure.
Defines the profile for X.509 certificates used in Internet applications, including email security.
Defines NSEC3, an alternative to NSEC for authenticated denial of existence in DNSSEC that prevents zone enumeration by hashing domain names.
Specifies the use of AES-GCM authenticated encryption algorithms in CMS for S/MIME, providing better security than traditional encryption methods.
Introduces DNSSEC and specifies requirements for DNS data origin authentication and data integrity verification using public key cryptography.
Defines DNS resource record types for DNSSEC: DNSKEY, RRSIG, NSEC, and DS records used for DNS data authentication.
Specifies protocol changes for DNS resolvers and servers to support DNSSEC, including chain-of-trust validation from root to leaf zone.
Defines STARTTLS extension for SMTP, allowing clients to upgrade a plaintext connection to TLS.
Defines the syntax for certification requests used in certificate signing requests (CSR).
Try adjusting your search or filter criteria