Time marches on, and various TLS stacks are gradually disabling obsolete
and legacy TLS features.

This affects DANE SMTP users, because when you publish TLSA records you
are effectively committing to sufficiently interoperable TLS support with
no fallback to cleartext SMTP transmission.

If your server's TLS stack is substantially behind the times, you risk
losing mail, as gradually more sending systems are unable to complete
TLS connections to your server.

I was reminded of this today, after upgrading the software stack on the
DANE survey server. The latest Haskell TLS library has:

- Removed TLS 1.0 and TLS 1.1 support
- By default now requires that TLS 1.2 stacks support the
  Extended Master Secret (EMS) extension.

The first of these only affects a few MX hosts, for under 10 domains,
and as of today, the server will assess these hosts to not support TLS.

For the second, ~300k domains were affected, so I've made a code change
in the survey to override the new default, and EMS is for now optional.

However, this does not mean that it is a good idea to stay with outdated
TLS server libraries that lack the last decade of TLS security
improvements. At some point you'll run into increasing interoperability
issues.

Therefore, please make sure that your server TLS stacks are of a
reasonably recent vintage, support TLS 1.3, and TLS 1.2 with EMS,
and various other up-to-date protocol features.

Below my signature is a list of 681 MX hosts that support TLS 1.2 only
without EMS. If you're operating one of these, you may want to consider
a software update, or reach out to your vendor re their future plans if
on the latest available software.

--
Viktor.
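
Added example, not part of the original post and not the DANE survey's code: a parser that sorts a captured ServerHello handshake message into the categories the post distinguishes (TLS 1.3, TLS 1.2 with EMS, TLS 1.2 without EMS, TLS 1.1 or older). The function names and the sample builder are hypothetical, and the result is only meaningful when the ClientHello that produced the reply offered the extended_master_secret extension, since a server only echoes extensions the client sent.

```python
import struct

EXT_EMS = 0x0017                 # extended_master_secret, RFC 7627
EXT_SUPPORTED_VERSIONS = 0x002B  # TLS 1.3 puts the negotiated version here

def parse_server_hello(msg: bytes):
    """Return (negotiated_version, set_of_extension_types) for one ServerHello."""
    if len(msg) < 4 or msg[0] != 0x02:
        raise ValueError("not a ServerHello handshake message")
    body_len = int.from_bytes(msg[1:4], "big")
    body = msg[4:4 + body_len]
    if len(body) != body_len or body_len < 38:
        raise ValueError("truncated ServerHello")
    version = struct.unpack_from("!H", body, 0)[0]
    pos = 2 + 32                       # legacy_version + random
    pos += 1 + body[pos]               # session_id (length-prefixed)
    pos += 2 + 1                       # cipher_suite + compression_method
    if pos > len(body):
        raise ValueError("truncated ServerHello")
    exts = {}
    if pos + 2 <= len(body):           # extensions are optional up to TLS 1.2
        end = pos + 2 + struct.unpack_from("!H", body, pos)[0]
        if end > len(body):
            raise ValueError("extension block overruns message")
        pos += 2
        while pos + 4 <= end:
            etype, elen = struct.unpack_from("!HH", body, pos)
            exts[etype] = body[pos + 4:pos + 4 + elen]
            pos += 4 + elen
    if len(exts.get(EXT_SUPPORTED_VERSIONS, b"")) == 2:
        version = struct.unpack("!H", exts[EXT_SUPPORTED_VERSIONS])[0]
    return version, set(exts)

def classify(msg: bytes) -> str:
    version, exts = parse_server_hello(msg)
    if version >= 0x0304:
        return "TLS 1.3"
    if version == 0x0303:
        return "TLS 1.2 with EMS" if EXT_EMS in exts else "TLS 1.2 without EMS"
    return "TLS 1.1 or older"

def sample_server_hello(version: int, ext_list) -> bytes:
    """Constructed test input: zero random, empty session_id, suite 0xC02F."""
    body = struct.pack("!H", version) + bytes(32) + b"\x00\xc0\x2f\x00"
    if ext_list:
        exts = b"".join(struct.pack("!HH", t, len(d)) + d for t, d in ext_list)
        body += struct.pack("!H", len(exts)) + exts
    return b"\x02" + len(body).to_bytes(3, "big") + body
```

The input is the handshake message itself, starting at the type byte 0x02, with the 5-byte TLS record header already stripped.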