> On 21 Apr 2016, at 18:17, Viktor Dukhovni <[email protected]> wrote: > While the even larger Gmail, Outlook.com/Hotmail, Yahoo ... are > not in the near term in a position to deploy DNSSEC, I expect that > doing so is simpler for outlook.com, because this domain does not > overlap with major web properties whose scale makes the transition > considerably more difficult. So it would be great to add Microsoft > to the above list some time in 2017 (or sooner).
Am I correct in assuming that none of the very big (Gmail, et al) do DANE verification when sending email? Given that Google’s public DNS resolvers have supported DNSSEC since many years, I think it would make sense for Google to start delivering email with DANE, regardless of what they decide to do for inbound email. > DANE for gmail.com is also plausible without impacting all of > Google, but requires moving the MX hosts out of the present > google.com. The domain googlemail.com used to be part of the Google Apps MX. Speaking of which; it would also make DANE available to the millions of domains[1] using Google Apps, as a bonus. [1] http://research.domaintools.com/statistics/mailservers/ _______________________________________________ Uta mailing list [email protected] https://www.ietf.org/mailman/listinfo/uta
