BSI TR-03108-1 Secure E-Mail Transport Requirements for E-Mail Service Providers (EMSP) regarding a secure Transport of E-Mails Version: 1.0 Date: 05/12/2016 https://www.bsi.bund.de/SharedDocs/Downloads/DE/BSI/Publikationen/TechnischeRichtlinien/TR03108/TR03 08-1.pdf;jsessionid=BD19BA2EBEEB22AFE1A8310E1666148E.2_cid286?__blob=publicationFile&v=3
defines DANE-SMTP mandatory in section 2.2.1 for all certified german e-mail providers. BSI = Federal Office for Information Security (Germany) I suggest to refer to this document to show e-mail providers DANE-SMTP is already in active use and even mandatory by governmemnts. Best regards, Renne 26. August 2016 03:36, "Viktor Dukhovni" <[email protected]> schrieb: > Many domain hosting providers that also host the email for the > customer domains. For a bunch of these providers the MX hosts are > in a DNSSEC-signed zone, and a non-trivial number of customer MX > RRsets are also in signed zones. Consequently, they can easily > enable DANE SMTP for all the domains in question, just by publishing > a small set of TLSA records. > > I've reached out to a couple of the providers with the largest > count of DNSSEC-signed customer domains, but don't have the cycles > to reach out to the rest. > > Therefore, I am posting below a list of the provider domains that > house MX hosts that would DANE-enable 100+ domains by publishing > and monitoring appropriate TLSA records. > > Any providers that get wind of this posting might find the links > below useful: > > https://www.internetsociety.org/deploy360/blog/2016/03/lets-encrypt-certificates-for-mail-servers-an > -dane-part-2-of-2 > https://www.ietf.org/mail-archive/web/uta/current/msg01498.html > http://tools.ietf.org/html/rfc7672#section-1.3 > http://tools.ietf.org/html/rfc7671#section-8.1 > http://tools.ietf.org/html/rfc7671#section-8.4 > https://dane.sys4.de/common_mistakes > > To whit, below my signature is a list of providers that should be > encouraged to deploy TLSA records having already gone to all the > trouble of doing the hard part and deploying DNSSEC: > > If anyone on this list knows the appropriate technical contacts at > one or more of these providers, please feel free to reach out and > give them a gentle nudge in the right direction. Collectively, > these 58 providers can DANE-enable at least 72 thousand domains. > > -- > Viktor. > > protonmail.ch > 1024degres.com > gransy.com > intility.com > networking4all.com > procolix.com > senta.com > shoptrader.com > tornado-mail.com > aerohosting.cz > banan.cz > dc3.cz > globe.cz > ignum.cz > onebit.cz > seolight.cz > smtp.cz > webcloud.cz > hosting.eu > mail-scanner.eu > mailplatform.eu > anonymail.hu > dns1.hu > integrity.hu > microware.hu > webtar.hu > servicios-nic.com.mx > netvibeshosting.net > networking4all.net > ubm-us.net > 2is.nl > argewebhosting.nl > atention.nl > bit.nl > blackhole.nl > box.nl > datacon.nl > flexfilter.nl > greenhost.nl > hostingdiscounter.nl > hostplan.nl > iaf.nl > is.nl > jouwweb.nl > mach3builders.nl > openprovider.nl > pcextreme.nl > prolocation.nl > spamservice.nl > swathosting.nl > uvt.nl > webguru.nl > domeneshop.no > fastname.no > uniweb.no > entos.se > paranormal.se > ine.co.th > > _______________________________________________ > dane mailing list > [email protected] > https://www.ietf.org/mailman/listinfo/dane _______________________________________________ dane mailing list [email protected] https://www.ietf.org/mailman/listinfo/dane
