On 25.04.2014 17:00, Viktor Dukhovni wrote: > If anyone else on this list has a DNSSEC signed domain and adds MX > host TLSA records, please feel free to drop me a note. I'll connect > to your domain from my home network a few times a year to test DANE > interoperability, you will not be exposed to any noticeable load, > nor any unwanted email messages, the connection will just complete > a TLS handshake, send "QUIT" and disconnect. (A test with > posttls-finger).
sotecware.net and wielicki.name are both handled by my mailhost and should have TLSA records. I just realized that wielicki.name had an invalid MX record, but I just fixed that, it should be propagated in the next 30 minutes. I wonder whether a service like https://xmpp.net would be valuable for the SMTP network too. For those who don’t know it, it provides general security parameter checking on XMPP hosts, including certificate, cipher and DNSSEC checks (example report[1]). regards, Jonas [1]: https://xmpp.net/result.php?domain=sotecware.net&type=client
