Now that RFCs 7671 and 7672 have been baked in for over a year,
some of the early Postfix DANE features that predate the final
specification are scheduled to be cleaned up for the upcoming
Postfix 3.2 release (~January 2017).
In particular:
* RFC 7671 Digest algorithm agility will no longer be optional.
This has been on by default with no observed issues.
* Support for DANE-TA(2) records with matching types other than
Full(0) will no longer be optional. These are widely used,
and support has been on by default with no significant issues.
* Support for PKIX-EE(1) TLSA records (by pretending they
were really DANE-EE(3)) will be dropped. Out of the 3420 MX
hosts in my survey, only "dougbarton.us" is using these, and
there's no need to bend the spec to support one outlier.
While I have your attention, the number of domains (I've been able
to find) with TLSA records for all their MX hosts now exceeds
103000. There are now 93 domains that have appeared in Google's
email transparency report at some point in time, and 44 of these
appear in a single recent report:
gmx.at jpberlin.de t-2.net
conjur.com.br lrz.de xs4all.net
registro.br mail.de overheid.nl
gmx.ch posteo.de xs4all.nl
open.ch ruhr-uni-bochum.de domeneshop.no
anubisnetworks.com tum.de webcruitermail.no
gmx.com uni-erlangen.de debian.org
mail.com unitybox.de freebsd.org
trashmail.com unitymedia.de gentoo.org
xfinity.com web.de ietf.org
bayern.de octopuce.fr netbsd.org
bund.de comcast.net openssl.org
fau.de dd24.net samba.org
gmx.de gmx.net torproject.org
ish.de hr-manager.net
( https://www.google.com/transparencyreport/saferemail/ )
The hosting providers with the top 5 counts of DANE SMTP domains
are:
42140 domeneshop.no
32656 transip.nl
15097 udmedia.de
1758 bhosted.nl
1273 nederhost.net
I believe this list will grow in the near future, and as a result
we'll see a substantial increase the total number of domains.
--
Viktor.
_______________________________________________
dane mailing list
dane@ietf.org
https://www.ietf.org/mailman/listinfo/dane
