Brotman, Alexander
2017-07-18 17:45:41 UTC
Hello,
Some time ago, Comcast rolled out TLSA records for senders to utilize when sending to "comcast.net" recipients, allowing senders to authenticate the certificates presented by our MTAs. In continuing support for DANE, we intend to deploy pilot code for outbound DANE this week, allowing us to do the same for traffic coming from our platform destined for other sites. We will pilot this with a few chosen domains that we've contacted and have made aware of our plans. Once we feel more comfortable with this, we will remove the restrictions and attempt DANE for all destination domains (with an exemption list for known-broken destination domains). If you would like to submit your domain to be part of the pilot, please drop me a note off-list.
--
Alex Brotman
Sr. Engineer, Anti-Abuse
Comcast
x5364
Some time ago, Comcast rolled out TLSA records for senders to utilize when sending to "comcast.net" recipients, allowing senders to authenticate the certificates presented by our MTAs. In continuing support for DANE, we intend to deploy pilot code for outbound DANE this week, allowing us to do the same for traffic coming from our platform destined for other sites. We will pilot this with a few chosen domains that we've contacted and have made aware of our plans. Once we feel more comfortable with this, we will remove the restrictions and attempt DANE for all destination domains (with an exemption list for known-broken destination domains). If you would like to submit your domain to be part of the pilot, please drop me a note off-list.
--
Alex Brotman
Sr. Engineer, Anti-Abuse
Comcast
x5364