Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

No, DANE is very bad. But it's a dead-letter standard, so I don't worry about much.


You think no one is deploying DANE for SMTP?

https://stats.dnssec-tools.org/images/domains.svg

It's deployed on many more domains than MTA-STS.


Of course it is. There are only a couple of email providers that actually matter, but out in the long tail of domains that might never receive a single non-spam email, there are plenty that are auto-signed by registrars. It's telling that's the best evidence you have, and not, like, "Google Mail uses DANE".




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: