about: add FAQ about mta-sts

2019-07-06 12:07:54 +02:00 · 2019-07-06 12:07:54 +02:00 · 5ac75bb23b
parent f3d2f89607
commit 5ac75bb23b
1 changed files with 21 additions and 0 deletions
--- a/dist/templates/about/faq.html.hbs
+++ b/dist/templates/about/faq.html.hbs
@ -79,6 +79,27 @@
        and makes key discovery by e-mail much more convenient.
    </p>

+    <h3 id="email-protection"><a href="#email-protection">What do you do to
+            protect outgoing verification e-mails?</a></h3>
+
+    <p>
+        We use a modern standard called
+        <a href="https://www.hardenize.com/blog/mta-sts" target="_blank">MTA-STS</a>,
+        combined with
+        <a href="https://starttls-everywhere.org/" target="_blank">STARTTLS Everywhere</a>
+        by the EFF,
+        to make sure verification e-mails are sent out securely.
+        This protects against eavesdropping and interception during delivery.
+    </p>
+
+    <p>
+        The MTA-STS mechanism depends on correctly configured e-mail servers.
+        You can <a href="https://www.hardenize.com/">run this test</a>
+        to see if your e-mail provider supports it.
+        If the "MTA-STS" entry on the left isn't a green checkmark,
+        please ask your provider to update their configuration.
+    </p>
+
    <h3 id="third-party-signatures"><a href="#third-party-signatures">
            Do you distribute "third party signatures"?</a></h3>