On Wed, May 21, 2014 at 05:44:10PM +0200, David Schweikert wrote:

> > You can use "dane" or "dane-only" per-destination if you like to
> > simplify the configuration management, no matching rules to define.
> > However, I would encourage senders en-masse to enable DANE, and
> > expect receiving systems that publish TLSA records to get it right
> > or fix it promptly. At least unlike the case with an RBL listing,
> > they can do it themselves.
>
> Still, our customers will likely react much more sensitively to their
> mails being queued (independently of the reason), compared to refusing
> incoming mails from a third party, because of mis-configuration.
> Especially, if they notice only one day later that their mails were
> being queued.

On an outbound MTA I would set something along the lines of:

    delay_warning_time = 2h

> Thanks again for all your answers! I really appreciate it.
>
> (We are working on adding DANE support to our product, btw.)

Is it an MTA? What library will you be using to handle the DANE-style
certificate chain validation? You can contact me off-list about that.

--
Viktor.