xs4all enabled DANE outgoing verification
Bjørn Mork
bjorn at mork.no
Tue Sep 4 11:46:10 CEST 2018
Viktor Dukhovni <ietf-dane at dukhovni.org> writes:
> If you do find the need to make an exception, I'd recommend applying
> any STARTTLS exceptions on just a subset of your primary MX hosts.
> This has two benefits:
>
> 1. They can still get through if/when they fix their software
> turn on DANE.
>
> 2. Their logs and your logs continue to record intermittent
> failures while they are still broken, with the mail getting
> through via the MX hosts with the exception list. That way,
> you can prune your lists when failures cease, and they may
> take action sooner if they see ongoing issues.
Smart! That is certainly a good solution. Thanks
Bjørn
More information about the dane-users
mailing list