xs4all enabled DANE outgoing verification

Bjørn Mork bjorn at mork.no
Tue Sep 4 11:46:10 CEST 2018

Viktor Dukhovni <ietf-dane at dukhovni.org> writes:

> If you do find the need to make an exception, I'd recommend applying
> any STARTTLS exceptions on just a subset of your primary MX hosts.
> This has two benefits:
>    1. They can still get through if/when they fix their software
>       turn on DANE.
>    2. Their logs and your logs continue to record intermittent
>       failures while they are still broken, with the mail getting
>       through via the MX hosts with the exception list.  That way,
>       you can prune your lists when failures cease, and they may
>       take action sooner if they see ongoing issues.

Smart!  That is certainly a good solution. Thanks


More information about the dane-users mailing list