Nice data: stats.dnssec-tools.org Nearly 2M domains with DNSSEC and MX pointing to host with DANE records. But under 5500 actual MX's with DANE records. IOW almost everyone's mail is outsourced to big providers...
Conversation
Replying to
I have attestation.app set up to send out the automated alert emails that are part of the service with OpenSMTPD + dkimproxy but I simply haven't had time to do more. Forwarding emails sent to the GrapheneOS domains is a placeholder until there's time to set something up.
2
I don't have a way to send valid emails from grapheneos.org and just have everything forwarded to my personal address for the time being. Technically, I could use the attestation.app setup for sending emails manually too but I've only done that for testing it.
1
It's hard to find the time to deal with these things. The mail server should probably be on a separate server set up to receive and send emails on behalf of all the GrapheneOS domains. If I'm going to expose another service to the world I need to do it right though. Non-trivial.
I made a reproducible script / instructions for a secure setup to send the automated alert emails with proper DKIM/SPF/DMARC configuration. So, next step would be moving that to another server, setting it up for grapheneos.org and then setting up receiving mail for both.
1
You might have inspired me to finally deal with the first step of splitting it out into a separate server. I just haven't wanted to deal with learning how to set up securely receiving emails rather than just sending them. I don't want to do it unless it's done entirely correctly.