Hi all,
A while ago we’ve asked the members of this mailing list to fill in a survey about DANE management. First of all: Thanks to everyone who filled in the survey!
We’ve processed the results which are now part of our paper "Under the Hood of DANE Mismanagement in SMTP”, which is going to be published at usenix security [1].
Overall, we see that the vast majority of domain names that outsource their SMTP server (which is the majority of all domain names) configure DANE correctly. Self hosted SMTP servers, however, are misconfigured frequently. Especially keeping the TLSA records from a name server and certificates from an SMTP server synchronized is not straightforward.
You can read the full abstract and paper here [1].
— Moritz
[1] https://www.usenix.org/conference/usenixsecurity22/presentation/lee