Support of DANE and DNSSEC in Office 365 Exchange Online

To provide the latest advanced email protection standards to its customers, Microsoft has announced that Exchange Online will be adding support for two new Internet standards specific to SMTP traffic.

These standards are DNSSEC (Domain Name System Security Extensions) and DANE for SMTP (DNS-based Authentication of Named Entities).

  • DANE for SMTP provides a more secure method for email transport. DANE uses the presence of DNS TLSA resource records to securely signal TLS support to ensure sending servers can successfully authenticate legitimate receiving email servers. This makes the secure connection resistant to downgrade and Man in the Middle (MITM) attacks.
  • DNSSEC works by digitally signing records for DNS lookup using public key cryptography. This ensures that the received DNS records have not been tampered with and are authentic. 

To support these standard, Microsoft will be providing support for TLS reporting (TLS-RPT). 

  • TLS-RPT enables diagnostic reporting to support monitoring and troubleshooting of TLS connectivity issues. 

Microsoft will be releasing DANE and DNSSEC for SMTP in two phases. In the first phase will include only outbound support (mail sent outbound from Exchange Online). Microsoft will tryto enable this before the end of the 2020. The second phase will add inbound support for Exchange Online and we plan to enable that by the end of 2021. For both of those phases, corresponding TLS-RPT support will be provided

The whole article can be found here: support-of-dane-and-dnssec-in-office-365-exchange-online

Free subscription



You may also like...

Geef een reactie

Het e-mailadres wordt niet gepubliceerd. Vereiste velden zijn gemarkeerd met *

Deze website gebruikt Akismet om spam te verminderen. Bekijk hoe je reactie-gegevens worden verwerkt.