Ross Tajvar via mailop <[email protected]> (Do 11 Jul 2019 17:58:36 CEST):
> However, the mail server I'm using (Mailcow) suggests I add TLSA records
> for ports that serve SMTP, POP3, and IMAP (as well as HTTPS). I'm curious,
> do any major mail services actually validate these records when receiving
> mail? Do any major mail clients?

As Jeremy already pointed out, DANE is about receiving, giving the sender
a chance to check the recipient's server. If Mailcow suggests that you use
TLSA records, your question is probably about services that would use
these records to avoid sending mails destined for your domain to the
wrong server.

I'm not sure if Gmail does, but it *seems* that GMX (a German mail service)
does checking of my TLSA records. (I can tell, because once I messed up
these records and messages from @gmx.de to my domains bounced back to
their GMX senders.)
I'm not sure if GMX can be counted as a major service.

For mail clients this question isn't relevant, if this is meant as
"MUA", since MUAs normally talk to their submission hosts, and often do
certificate checking similar to what HTTPS clients do: compare the
certificate's CN and SAN with the hostname they connect to and verify
the certificate against locally stored trusted CAs.

Best regards from Dresden/Germany
Viele Grüße aus Dresden
Heiko Schlittermann
--
SCHLITTERMANN.de ---------------------------- internet & unix support -
Heiko Schlittermann, Dipl.-Ing. (TU) - {fon,fax}: +49.351.802998{1,3} -
gnupg encrypted messages are welcome --------------- key ID: F69376CE -
! key id 7CBF764A and 972EAC9F are revoked since 2015-01 ------------ -
_______________________________________________ mailop mailing list [email protected] https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
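
Added example, not part of the original message or of any mail server's code: a Python sketch of the sender-side TLSA comparison discussed in this thread, showing why a stale record makes a DANE-checking sender stop delivering. It handles only usage 3 (DANE-EE) records, assumes the TLSA RRset was already DNSSEC-validated, and uses constructed byte strings in place of real DER data; all function names are hypothetical.

```python
import hashlib

# TLSA matching type -> digest (RFC 6698); type 0 compares the raw bytes.
DIGESTS = {1: hashlib.sha256, 2: hashlib.sha512}

def parse_tlsa(rdata):
    """Parse TLSA presentation format: 'usage selector mtype hexdata'."""
    usage, selector, mtype, hexdata = rdata.split(None, 3)
    data = bytes.fromhex("".join(hexdata.split()))
    return int(usage), int(selector), int(mtype), data

def matches(record, cert_der, spki_der):
    """True if one DANE-EE (usage 3) record matches the presented certificate."""
    usage, selector, mtype, data = record
    if usage != 3 or selector not in (0, 1) or mtype not in (0, 1, 2):
        return False  # other usages and unknown values: out of scope here
    # Selector 0 covers the whole certificate, selector 1 only its public key.
    subject = cert_der if selector == 0 else spki_der
    got = subject if mtype == 0 else DIGESTS[mtype](subject).digest()
    return got == data

def sender_decision(rrset, cert_der, spki_der):
    """Deliver only if at least one published record matches the server."""
    records = [parse_tlsa(r) for r in rrset]
    if any(matches(r, cert_der, spki_der) for r in records):
        return "deliver"
    return "do-not-deliver"

# Constructed stand-ins for the DER bytes a sender would see in the handshake.
CERT = b"constructed-certificate-der"
SPKI = b"constructed-current-public-key"
OLD_SPKI = b"constructed-previous-public-key"

GOOD = ["3 1 1 " + hashlib.sha256(SPKI).hexdigest()]
STALE = ["3 1 1 " + hashlib.sha256(OLD_SPKI).hexdigest()]  # key changed, DNS not
ROLLOVER = STALE + GOOD  # publishing old and new records together
FULL_CERT = ["3 0 2 " + hashlib.sha512(CERT).hexdigest()]

if __name__ == "__main__":
    for name, rrset in [("good", GOOD), ("stale", STALE),
                        ("rollover", ROLLOVER), ("full-cert", FULL_CERT)]:
        print(name, sender_decision(rrset, CERT, SPKI))
```

Publishing the record for a new key alongside the old one before switching certificates, as in the `ROLLOVER` set, keeps at least one record matching throughout the change.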
