After 14 years this is still open. What I can't figure out is why not having DNSSEC with RFC 6186 is seen as such a big problem while the currently implemented [Autoconfiguration](https://wiki.mozilla.org/Thunderbird:Autoconfiguration) feature gets the information from plain HTTP URLs. Both methods are identically vulnerable to MitM.
After 14 years this is still open. What I can't figure out is why not having DNSSEC with RFC 6186 is seen as such a big problem while the currently implemented [Autoconfigurat ion](https:/ /wiki.mozilla. org/Thunderbird :Autoconfigurat ion) feature gets the information from plain HTTP URLs. Both methods are identically vulnerable to MitM.