The German email provider, posteo.de, has published TLSA RRs for SMTP
and also enabled DANE TLS verification outbound:
http://www.heise.de/newsticker/meldung/Verschluesselter-Mail-Transport-Posteo-setzt-als-erster-Provider-DANE-ein-2187144.html
$ dig +noall +comment +ans +ad -t mx posteo.de
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 42574
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 0
;; ANSWER SECTION:
posteo.de. IN MX 10 mx02.posteo.de.
posteo.de. IN MX 20 mx01.posteo.de.
$ dig +noall +comment +ans +ad -t TLSA _25._tcp.mx02.posteo.de
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 42306
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
;; ANSWER SECTION:
_25._tcp.mx02.posteo.de. IN TLSA 3 1 1 (
1EE4C4318C1FA8D75AC0DF56755B30A2
F88DB7BFAC129A2C50F316A0C3B1E640 )
With any luck this week or next mail.ietf.org will also enable
STARTTLS and have TLSA records published, enabling sending MTAs to
verify ietf.org with DANE. Outbound DANE will be enabled later
(pending a software refresh of the relevant servers).
--
Viktor.
_______________________________________________
dane mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dane
