To provide the latest advanced email protection standards to its customers, Microsoft has announced that Exchange Online will be adding support for two new Internet standards specific to SMTP traffic.
- DANE for SMTP provides a more secure method for email transport. DANE uses the presence of DNS TLSA resource records to securely signal TLS support to ensure sending servers can successfully authenticate legitimate receiving email servers. This makes the secure connection resistant to downgrade and Man in the Middle (MITM) attacks.
- DNSSEC works by digitally signing records for DNS lookup using public key cryptography. This ensures that the received DNS records have not been tampered with and are authentic.
To support these standard, Microsoft will be providing support for TLS reporting (TLS-RPT).
- TLS-RPT enables diagnostic reporting to support monitoring and troubleshooting of TLS connectivity issues.
Microsoft will be releasing DANE and DNSSEC for SMTP in two phases. In the first phase will include only outbound support (mail sent outbound from Exchange Online). Microsoft will tryto enable this before the end of the 2020. The second phase will add inbound support for Exchange Online and we plan to enable that by the end of 2021. For both of those phases, corresponding TLS-RPT support will be provided
The whole article can be found here: support-of-dane-and-dnssec-in-office-365-exchange-online