On 7/12/19 8:37 PM, Heiko Schlittermann via mailop wrote:
Providing TLSA records is only one half of the story. The sender has to
use them. Currently there is no way to force the sender to use my TLSA
records, is there?
(Though, I can force all senders to use TLS when talking to me, but I
can'
Bjoern Franke via mailop (Fr 12 Jul 2019 18:47:40 CEST):
> Am 11.07.19 um 21:29 schrieb Ross Tajvar via mailop:
> > Yes, this is exactly what I was wondering. I'm sure it's possible to
> > validate on any reasonably modern MTA, but I am curious if hosted mail
> > providers (or even large enterpris
Am 11.07.19 um 21:29 schrieb Ross Tajvar via mailop:
> Yes, this is exactly what I was wondering. I'm sure it's possible to
> validate on any reasonably modern MTA, but I am curious if hosted mail
> providers (or even large enterprises) are actually doing this validation.
Posteo and United Interne
At this point, for mail sending, Gmail does not support DANE, though we do support STS and TLSRPT. I imagine DANE is somewhere on their TODO list, but couldn't give any time frame for that.
It is supported by a bunch of Europea
Ross Tajvar via mailop (Fr 12 Jul 2019 04:12:13 CEST):
> >For mail clients this question isn't relevant, if this is meant as
> >"MUA", since MUAs normally talk to their submission hosts, and often do
> >certificate checking similar to that what HTTPS clients do: compare the
> >certificate's CN, an
At this point, for mail sending, Gmail does not support DANE, though we do
support STS and TLSRPT. I imagine DANE is somewhere on their TODO list,
but couldn't give any time frame for that.
It is supported by a bunch of European ISPs, as well as Comcast.
Brandon
On Thu, Jul 11, 2019 at 2:45 PM
>As Jeremy already pointed out, DANE is about receiving, giving the the
sender
>a chance to check the recipient's server. If Mailcow suggests you to use
>TLSA records, your question is probably about services that would use
>these records to avoid sending mails destined for your domain to the
>wron
In article
you write:
>However, the mail server I'm using (Mailcow) suggests I add TLSA records
>for ports that serve SMTP, POP3, and IMAP (as well as HTTPS). I'm curious,
>do any major mail services actually validate these records when receiving
>mail? Do any major mail clients?
Comcast does on
Ross Tajvar via mailop (Do 11 Jul 2019 17:58:36 CEST):
> However, the mail server I'm using (Mailcow) suggests I add TLSA records
> for ports that serve SMTP, POP3, and IMAP (as well as HTTPS). I'm curious,
> do any major mail services actually validate these records when receiving
> mail? Do any
Yes, this is exactly what I was wondering. I'm sure it's possible to
validate on any reasonably modern MTA, but I am curious if hosted mail
providers (or even large enterprises) are actually doing this validation.
On Thu, Jul 11, 2019 at 3:01 PM Jeremy Harris via mailop
wrote:
> On 11/07/2019 19
On 11/07/2019 19:10, Tom Ivar Helbekkmo via mailop wrote:
> Postfix supports DANE.
I think you'll find Exim does also - but the OP
was asking about services rather than software.
I'd greatly like to hear, for instance, that Gmail
used DANE.
--
Cheers,
Jeremy
_
Jeremy Harris via mailop writes:
> On 11/07/2019 16:58, Ross Tajvar via mailop wrote:
>> do any major mail services actually validate these records when receiving
>> mail? Do any major mail clients?
>
> DANE is relevant to sending mail, not receiving.
> That doesn't answer your question, though.
On 11/07/2019 16:58, Ross Tajvar via mailop wrote:
> do any major mail services actually validate these records when receiving
> mail? Do any major mail clients?
DANE is relevant to sending mail, not receiving.
That doesn't answer your question, though.
--
Cheers,
Jeremy
__
Hi all,
Apologies if this has been discussed before but I did a cursory search and
didn't find anything.
I've been looking into DANE and TLSA records recently. It seems that no
major browsers support validating websites via DANE, and the third-party
plugin that CZ.NIC developed to do so has been
14 matches
Mail list logo