Now that RFCs 7671 and 7672 have been baked in for over a year, some of the early Postfix DANE features that predate the final specification are scheduled to be cleaned up for the upcoming Postfix 3.2 release (~January 2017).
In particular: * RFC 7671 Digest algorithm agility will no longer be optional. This has been on by default with no observed issues. * Support for DANE-TA(2) records with matching types other than Full(0) will no longer be optional. These are widely used, and support has been on by default with no significant issues. * Support for PKIX-EE(1) TLSA records (by pretending they were really DANE-EE(3)) will be dropped. Out of the 3420 MX hosts in my survey, only "dougbarton.us" is using these, and there's no need to bend the spec to support one outlier. While I have your attention, the number of domains (I've been able to find) with TLSA records for all their MX hosts now exceeds 103000. There are now 93 domains that have appeared in Google's email transparency report at some point in time, and 44 of these appear in a single recent report: gmx.at jpberlin.de t-2.net conjur.com.br lrz.de xs4all.net registro.br mail.de overheid.nl gmx.ch posteo.de xs4all.nl open.ch ruhr-uni-bochum.de domeneshop.no anubisnetworks.com tum.de webcruitermail.no gmx.com uni-erlangen.de debian.org mail.com unitybox.de freebsd.org trashmail.com unitymedia.de gentoo.org xfinity.com web.de ietf.org bayern.de octopuce.fr netbsd.org bund.de comcast.net openssl.org fau.de dd24.net samba.org gmx.de gmx.net torproject.org ish.de hr-manager.net ( https://www.google.com/transparencyreport/saferemail/ ) The hosting providers with the top 5 counts of DANE SMTP domains are: 42140 domeneshop.no 32656 transip.nl 15097 udmedia.de 1758 bhosted.nl 1273 nederhost.net I believe this list will grow in the near future, and as a result we'll see a substantial increase the total number of domains. -- Viktor. _______________________________________________ dane mailing list dane@ietf.org https://www.ietf.org/mailman/listinfo/dane