DNSSEC & DANE is down for kurzepost.de, trashmail.com, all domains. Man in the middle attack?

Bug reports about this site.
Post Reply
janosh
Posts: 1
Joined: 02 Dec 2020, 21:18
Contact:

DNSSEC & DANE is down for kurzepost.de, trashmail.com, all domains. Man in the middle attack?

Post by janosh » 02 Dec 2020, 21:29

Hello,
My email provider rejected to deliver to kurzepost.de with warning " non DNSSEC destination".
Further feedback from a supporter of email provider: It seems that I communicated to this destination via DANE standard but at the moment DNSSEC & DANE is not supportet by this destination, which can mean a Man-in-the-Middle-Attack or just a wrong server setting and I should get in contact with the team of the domain.

UPDATE: 13.12.2020 checked most domains of trashmail and changed title.

Dane test fails for all domains of trashmail I tested:
https://dane.sys4.de/smtp/kurzepost.de -> DNSSEC: Insecure Domain.
https://dane.sys4.de/smtp/trashmail.com -> DNSSEC: Insecure Domain.
https://dane.sys4.de/smtp/wegwerfmail.de -> DNSSEC: Insecure Domain.
https://dane.sys4.de/smtp/0box.eu -> DNSSEC: Insecure Domain.
https://dane.sys4.de/smtp/[secret domain name] -> DNSSEC: Insecure Domain.

Admin
Site Admin
Posts: 1335
Joined: 16 Jun 2006, 08:55
Location: Germany
Contact:

Re: DNSSEC & DANE is down for kurzepost.de, trashmail.com, all domains. Man in the middle attack?

Post by Admin » 31 Jan 2021, 16:00

Correct, we kicked out DANE, as maintenance was too complex.
Its anyway inconsistent with custom domains. If we really want it, TrashMail should own the custom domain names but that would mean that customers would loss control about their domain names (they probably don't want to do only email with that).
Best regards,
Stephan Ferraro
Founder of TrashMail.com
CEO of Aionda GmbH

Post Reply

Who is online

Users browsing this forum: No registered users and 0 guests