update max_age recommendation

jpawlowski · Mar 2, 2024 · 4a802c1 · 4a802c1
1 parent 3af9106
commit 4a802c1
Show file tree

Hide file tree

Showing 7 changed files with 160 additions and 6 deletions.
diff --git a/.editorconfig b/.editorconfig
@@ -0,0 +1,22 @@
+# EditorConfig is awesome: https://EditorConfig.org
+
+# top-most EditorConfig file
+root = true
+
+# Unix-style newlines with a newline ending every file
+[*]
+end_of_line = lf
+
+# CSV, Markdown, and Text files
+[*.{csv,md,txt}]
+trim_trailing_whitespace = true
+
+# JSON and XML files
+[*.{json,xml,yml,code-workspace}]
+indent_style = space
+indent_size = 2
+
+# Matches the exact file .editorconfig
+[.editorconfig]
+indent_style = space
+indent_size = 2
diff --git a/.gitattributes b/.gitattributes
@@ -0,0 +1,10 @@
+# Set the default behavior, in case people don't have core.autocrlf set.
+* text=auto
+
+# Set svg to binary type, as SVG is unlikely to be editted by hand. Can be treated as checked in blob
+*.svg binary
+
+# Denote all files that are truly binary and should not be modified.
+*.png binary
+*.jpg binary
+*.pdf binary
diff --git a/.gitignore b/.gitignore
@@ -0,0 +1,116 @@
+# Created by https://www.toptal.com/developers/gitignore/api/git,linux,macos,windows,visualstudiocode,dotenv
+# Edit at https://www.toptal.com/developers/gitignore?templates=git,linux,macos,windows,visualstudiocode,dotenv
+
+### dotenv ###
+.env
+
+### Git ###
+# Created by git for backups. To disable backups in Git:
+# $ git config --global mergetool.keepBackup false
+*.orig
+
+# Created by git when using merge tools for conflicts
+*.BACKUP.*
+*.BASE.*
+*.LOCAL.*
+*.REMOTE.*
+*_BACKUP_*.txt
+*_BASE_*.txt
+*_LOCAL_*.txt
+*_REMOTE_*.txt
+
+### Linux ###
+*~
+
+# temporary files which can be created if a process still has a handle open of a deleted file
+.fuse_hidden*
+
+# KDE directory preferences
+.directory
+
+# Linux trash folder which might appear on any partition or disk
+.Trash-*
+
+# .nfs files are created when an open file is removed but is still being accessed
+.nfs*
+
+### macOS ###
+# General
+.DS_Store
+.AppleDouble
+.LSOverride
+
+# Icon must end with two \r
+Icon
+
+# Thumbnails
+._*
+
+# Files that might appear in the root of a volume
+.DocumentRevisions-V100
+.fseventsd
+.Spotlight-V100
+.TemporaryItems
+.Trashes
+.VolumeIcon.icns
+.com.apple.timemachine.donotpresent
+
+# Directories potentially created on remote AFP share
+.AppleDB
+.AppleDesktop
+Network Trash Folder
+Temporary Items
+.apdisk
+
+### macOS Patch ###
+# iCloud generated files
+*.icloud
+
+### VisualStudioCode ###
+.vscode/*
+!.vscode/settings.json
+!.vscode/tasks.json
+!.vscode/launch.json
+!.vscode/extensions.json
+!.vscode/*.code-snippets
+!.vscode/PSScriptAnalyzerSettings.psd1
+!.vscode/PSScriptAnalyzerCustomRules.ps1
+
+# Local History for Visual Studio Code
+.history/
+
+# Built Visual Studio Code Extensions
+*.vsix
+
+### VisualStudioCode Patch ###
+# Ignore all local history of files
+.history
+.ionide
+
+### Windows ###
+# Windows thumbnail cache files
+Thumbs.db
+Thumbs.db:encryptable
+ehthumbs.db
+ehthumbs_vista.db
+
+# Dump file
+*.stackdump
+
+# Folder config file
+[Dd]esktop.ini
+
+# Recycle Bin used on file shares
+$RECYCLE.BIN/
+
+# Windows Installer files
+*.cab
+*.msi
+*.msix
+*.msm
+*.msp
+
+# Windows shortcuts
+*.lnk
+
+# End of https://www.toptal.com/developers/gitignore/api/git,linux,macos,windows,visualstudiocode,dotenv
diff --git a/.markdownlint.json b/.markdownlint.json
@@ -0,0 +1,6 @@
+{
+  "MD012": false,
+  "MD013": false,
+  "MD033": false,
+  "MD041": false
+}
diff --git a/.well-known/mta-sts.txt b/.well-known/mta-sts.txt
@@ -3,5 +3,5 @@ mode: [enforce|testing|none] # 1. Decide your mode.
 mx: mx1.your_domain.tld      # 2. Add your primary mailserver hostname (see MX records in your DNS)
 mx: mx2.your_domain.tld      # 3. If you have secondary mailservers, add one line for each.
                              #    In case all servers share the same subdomain, you may also use wildcards like *.mail.protection.outlook.com
-max_age: 604800              # 4. Depending on your mode above, 604800 seconds = 1 week might be a good value.
+max_age: 1209600             # 4. Depending on your mode above, 1209600 seconds = 2 weeks might be a good value.
                              # 5. Remove all the comments (if that wasn't obvious to you).
diff --git a/LICENSE.md b/LICENSE.md
@@ -1,6 +1,6 @@
 MIT License
 
-Copyright @ 2023 Julian Pawlowski
+Copyright @ 2024 Julian Pawlowski
 
 Permission is hereby granted, free of charge, to any person obtaining a copy
 of this software and associated documentation files (the "Software"), to deal

diff --git a/README.md b/README.md
@@ -23,11 +23,12 @@ In case the sending e-mail server is not able to initiate a secure connection, i
 
 2. Change the file `.well-known/mta-sts.txt` according to your needs.
 
-3. Create a `CNAME` record for `mta-sts.<your_domain.tld>` in your domain's DNS that points to `<you_username>.github.io` or `<your_organization>.github.io` and [enable GitHub Pages](https://docs.github.com/articles/using-a-custom-domain-with-github-pages/).
+3. Create a `CNAME` record for `mta-sts.<your_domain.tld>` in your domain's DNS that points to `<your_username>.github.io` or `<your_organization>.github.io` and [enable GitHub Pages](https://docs.github.com/articles/using-a-custom-domain-with-github-pages/).
 
 4. Open a browser to `https://mta-sts.<your_domain.tld>` and make sure it does not show any certificate warnings.
 
 5. Create a `TXT` record for `_mta-sts.<your_domain.tld>` in your domain's DNS to enable the MTA-STS policy for your domain.
+
    You may copy & paste this to your DNS provider:
 
    ```dns
@@ -36,11 +37,10 @@ In case the sending e-mail server is not able to initiate a secure connection, i
    ```
 
    **Note that you will need to change the `id=` here whenever you make changes to your `mta-sts.txt` policy file.**
-
 
 6. Validate your setup, for example by using the [MTA-STS Lookup by MXToolBox](https://mxtoolbox.com/mta-sts.aspx), or looking into your [Hardenize Public Report](https://www.hardenize.com/).
 
-*Optional (but __highly recommended__):*
+_Optional (but **highly recommended**):_
 
 7. Create another `TXT` record for `_smtp._tls.<your_domain.tld>` in your domain's DNS to enable reporting (see [RFC 8460](https://datatracker.ietf.org/doc/html/rfc8460)).
    You may copy & paste this to your DNS provider:
@@ -52,7 +52,7 @@ In case the sending e-mail server is not able to initiate a secure connection, i
 
    Note that the e-mail recipient mailbox shall be on a different domain _without_ MTA-STS being configured. This could be a subdomain like `mailcheck.<your_domain.tld>`.
    It is also quite painful to manually deal with the reports other e-mail providers will send to you. For that particular reason, you may want to consider sending these e-mails to a 3rd-party tool like [Report URI](https://report-uri.com/), [URIports](https://www.uriports.com/), or from other commercial providers.
-   
+
    You probably want this to be the same tool you might use for DMARC reports, like [DMARC Analyzer](https://www.dmarcanalyzer.com/) or [Dmarcian](https://dmarcian.com/).
 
 ## License