After the last major update to the site, I noticed that the new Email Aliases page contains a Criteria section that is currently empty. Before the aforementioned update, most of the content in the Email Aliasing page was housed in the Email Services page, so the recommended aliasing services probably (?) shared some criteria with the recommended email services.
Yes this should be addressed, it’s going to be the same as the email page, minus some specific things like WKD.
It isn’t empty FWIW, it says:
we evaluate email aliasing providers to the same standard as our regular email provider criteria where applicable.
Oops, I completely missed the line you quoted 
Thanks for pointing it out, @jonah
I think that is more elegant and cleaner than duplicating most of the criteria on to the new aliasing page.
So SimpleLogin doesn’t meet security criteria.
Half the domains don’t use DNSSEC, and the MTA-STS policy is not set to “enforce”.
There’s no certificate protection with CAA either.
All a provider’s domains should have the same level.
All addy domains are configured correctly, except for one, the TLD doesn’t support DNSSEC.
The criteria also mention Expect-CT, but this was deprecated by google in 2022. Shouldn’t it be removed?
Yes they should. This is a bit annoying. I am sure when we evaluated it they were.
At the time it was looking at being current, but yes doesn’t look important anymore. We should change that to simply that the provider should support Certificate Transparency as default.
It’s possible that the configuration was fine before, but now it seems like it’s been at least two years since DNSSEC has been absent from some domains.