> Unfortunately that leads to this: now imagine said MX servers were under whatever political party you oppose.
Hmm, what could I do?
Maybe change my MX records to move from Mailgun to Postmark or any other mail provider? Or self-host?
But that's if we assume the key servers would have to be the same as the MX servers, because of some technological limitations.
Alternatively, it could be done like SSHFP, where SSHFP records exist independently from the CNAME records: then the problem disappears, as you, as the domain owner, can delegate the MX part to one company, while only entrusting yourself with the publication of the public keys.
If you mean "but what about Gmail users" - if Gmail servers are under whatever political party you oppose, you've got a much bigger problem, and I don't think there can be a technological solution.