Please drop TLSA records matching retired Let's Encrypt CAs

Jan-Pieter Cornet johnpc at
Thu Sep 30 20:20:35 CEST 2021

On 30-9-21 17:49, Benny Pedersen wrote:
> On 2021-09-30 17:30, Viktor Dukhovni wrote:
>> The DANE survey continues to observe a "long tail" of MX hosts with TLSA
>> records that match the retired "X3" and/or "X4" Let's Encrypt issuer Cas.
> X-Spamd-Bar: /
> Authentication-Results:;
>     none
> X-Rspamd-Server: echo
> X-Rspamd-Queue-Id: 4HKxyj0s1fz1fv9
> X-Spamd-Result: default: False [0.00 / 6.00];
>      TAGGED_RCPT(0.00)[dane-users,lists,dane-sys4,ml.dane-users]
These headers are in my copy of Victor's message too, but are either standard or shouldn't make a difference.
> X-Spam: Yes
Not in the message I saw. I'm guessing your anti-spam solution inserted that one itself.
> why would it not be removed that header when recipient is not local ? :) 
Maybe Rspamd is in front of the mailinglist? It shouldn't matter to you.

Jan-Pieter Cornet <johnpc at>
Systeembeheer XS4ALL Internet bv

-------------- next part --------------
A non-text attachment was scrubbed...
Name: OpenPGP_signature
Type: application/pgp-signature
Size: 840 bytes
Desc: OpenPGP digital signature
URL: <>

More information about the dane-users mailing list