Earlier this year the CA/Browser Forum voted to make Certificate Authority Authorization (CAA) mandatory for all Certificate Authorities. What this means that domains will need to assert via DNS records (the CAA DNS RRType) which CA’s are permitted to issue certificates for your domains. Think of it as “sort of like SPF, but for SSL/TLS certs”.
We would like to announce that we have implemented the Sender Rewrite Scheme, or SRS, on our mail forwarding services. This is designed to remedy the increasingly prevelant problem with SPF enforcement breaking email forwarding services from any provider, including ourselves.
The SPF protocol allows domain administrators to specify which mailservers are authorised to send email from addresses within that domain name, this helps reduce spam in general and the problem of spammers pretending they are sending from domains they have no connection to. The problem arises when a domain with SPF records in place sends email to an address which is in turn forwarded to an address which enforces SPF. The receiving server looks at the domain in the return_path header from the email and compares the IP of the mailserver it is receiving the email from, which is the forwarding server, with the list of allowed mailservers for that domain. Naturally the sender does not have any connection to the provider forwarding the mail and the forwarding mailservers IP is not on the list of authorised servers, and the receiving server bounces the email.
SRS rewrites the return_path header to maintain a record of the original sender information but ending in a domain name controlled by the forwarding provider, in our case srszone.org, which has an SPF record which includes the forwarding server and so passes the recipient SPF check, preventing the forwarding mail from bouncing.
For anyone who for any reason does not want their domain’s mail forwarding to make use of SRS we are shortly rolling out the ability to disable this through your domains email settings, for the time being you can send us a request to exempt your domain through the Get Support link at the top left of your account.
At the moment when you login you will see “no domains in account”, we are rectifying this and will restore normal services shortly.
Here is a quick walkthrough the new ZoneEdit control panel, including a look at the dynamic DNS setup. You can also watch it in a larger resolution on Youtube.
You may now move your domain registration over to ZoneEdit and consolidate management of both the domain registry and your DNS.
Things to Know:
- Domain transfers cost $12 and add 1 year of time, you don’t lose anything if you still have time left with your old registrar – it functions as if it’s an “early renewal”
- FREE DOMAIN PRIVACY on the first 5,000 domains transferred to ZoneEdit (valid for .com, .net, .org, .biz and .info domains) – (a $9.95/year value)
- FYI: Your Registrar of record will show up as “easyDNS” (ZoneEdit’s parent company), with ZoneEdit as the “Reseller”.
- All transferred domains qualify for Premium Support.
Just log in, manage your domains and click on the Switch Registrar link:
We’ve brought back the option to obtain an additional tertiary DNS nameserver. The tertiary DNS nodes are located within special, segregated data centers with more redundancy, located in Amsterdam or New York City.
Is one of your domains not resolving?
The problem may not be with your DNS provider, it could be with your registrar, the registry or something else entirely.
Follow this process to find out exactly where the problem is.
If you weren’t already aware, ZoneEdit has been acquired by easyDNS.
On Saturday Oct. 4th, 2014 we performed the major cutover of all systems to brand new infrastructure operated by the new ZoneEdit.
All existing services and plans will be grandfathered into the new system.