Conversation

Nice data: stats.dnssec-tools.org Nearly 2M domains with DNSSEC and MX pointing to host with DANE records. But under 5500 actual MX's with DANE records. IOW almost everyone's mail is outsourced to big providers...

Daniel Micay

@DanielMicay

Replying to

@RichFelker

I have attestation.app set up to send out the automated alert emails that are part of the service with OpenSMTPD + dkimproxy but I simply haven't had time to do more. Forwarding emails sent to the GrapheneOS domains is a placeholder until there's time to set something up.

attestation.app

Device integrity monitoring

Hardware-based remote attestation service for monitoring the security of Android devices using the Auditor app.

2:08 AM · Mar 29, 2020Twitter Web App

Replying to

and

I don't have a way to send valid emails from grapheneos.org and just have everything forwarded to my personal address for the time being. Technically, I could use the attestation.app setup for sending emails manually too but I've only done that for testing it.

attestation.app

Device integrity monitoring

Hardware-based remote attestation service for monitoring the security of Android devices using the Auditor app.

Replying to

and

It's hard to find the time to deal with these things. The mail server should probably be on a separate server set up to receive and send emails on behalf of all the GrapheneOS domains. If I'm going to expose another service to the world I need to do it right though. Non-trivial.

Show replies

Replying to

Is it validating DANE when sending them out?

Replying to

It's not currently supported by OpenSMTPD which is the current mail server: github.com/OpenSMTPD/Open I don't know what happened with their work on implementing it. To have DANE verification in the short term I'd need to use a different mail server, which isn't very appealing.

github.com

DANE: implement DANE ... · Issue #409 · OpenSMTPD/OpenSMTPD

We have to do it and our main competitor has it already ;-)

Show replies