At this point, for mail sending, Gmail does not support DANE, though we do support STS and TLSRPT. I imagine DANE is somewhere on their TODO list, but couldn't give any time frame for that.
It is supported by a bunch of European ISPs, as well as Comcast. Brandon On Thu, Jul 11, 2019 at 2:45 PM Heiko Schlittermann via mailop < [email protected]> wrote: > Ross Tajvar via mailop <[email protected]> (Do 11 Jul 2019 17:58:36 CEST): > > However, the mail server I'm using (Mailcow) suggests I add TLSA records > > for ports that serve SMTP, POP3, and IMAP (as well as HTTPS). I'm > curious, > > do any major mail services actually validate these records when receiving > > mail? Do any major mail clients? > > As Jeremy already pointed out, DANE is about receiving, giving the the > sender > a chance to check the recipient's server. If Mailcow suggests you to use > TLSA records, your question is probably about services that would use > these records to avoid sending mails destined for your domain to the > wrong server. > > I'm not sure if Gmail does, but I *seems* that GMX (a German mail service) > does checking of my TLSA records. (I can tell, because once I messed up > these records and messages from @gmx.de to my domains bounced back to > their GMX senders.) > > I'm not sure if GMX can be counted as a major service. > > For mail clients this question isn't relevant, if this is meant as > "MUA", since MUAs normally talk to their submission hosts, and often do > certificate checking similar to that what HTTPS clients do: compare the > certificate's CN, and SAN with the hostname they connect to and verify > the certificate against locally stored trusted CAs. > > Best regards from Dresden/Germany > Viele Grüße aus Dresden > Heiko Schlittermann > -- > SCHLITTERMANN.de ---------------------------- internet & unix support - > Heiko Schlittermann, Dipl.-Ing. (TU) - {fon,fax}: +49.351.802998{1,3} - > gnupg encrypted messages are welcome --------------- key ID: F69376CE - > ! key id 7CBF764A and 972EAC9F are revoked since 2015-01 ------------ - > _______________________________________________ > mailop mailing list > [email protected] > https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop >
_______________________________________________ mailop mailing list [email protected] https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
