Add support for RFC-9116 / security.txt documents?

I was recently reading RFC-9116, which specifies that a text-based document defining contact addresses for security reporting be defined in the .well-known subdirectory.

I’d love to see support for something like this to be auto-generated for domains. Where can I submit this as a request?

This is a public, open project - the code lives at So you, or anyone, makes a change (to their own copy) and then submits a pull-request to have the change merged into the next revision :slight_smile:

I’m not aware of anyone using these security.txt files for anything, so, unless I’m wrong, I probably would not accept that for Mail-in-a-Box. Which isn’t to say it’s a bad idea, but there’s no upside.

This is reasonable. I suppose if I want it, I can just make it by hand and publish it!

This topic was automatically closed after 61 days. New replies are no longer allowed.