What is DANE?

DANE is a mechanism that protects the sender of an email by verifying that they are securely connected to the genuine mail server. This prevents MITM attacks in which the connection between the sender and the mail server is intercepted. The mail server could authenticate itself to the mail client with a certificate, but the SMTP standard does not require it. DANE allows you to enforce encryption and authenticate the mail server's certificate by querying DNS servers for MX records. When sending an email, the client queries DNS for an MX (mail exchange) record, which holds information about servers that can accept messages from others. With DANE, you could set up a rule in your DNS server to only allow messages from specific servers to use specific key sizes and certificates; this prevents MITM attacks between the sender and mail server.
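DANE publishes the expected certificate or public key in DNSSEC-signed TLSA records (RFC 6698), which for SMTP are looked up at `_25._tcp.<mx-host>` (RFC 7672). The following is an added example, not code from the original page, showing how a sending client could match a server certificate against DANE-EE (usage 3) records. The function names and the constructed certificate-shaped input are assumptions, and DNSSEC validation and the other certificate usages are out of scope.

```python
import hashlib
import hmac

def der_tlv(buf, off):
    """Parse one DER element at off; return (tag, value_start, value_end)."""
    tag, length, off = buf[off], buf[off + 1], off + 2
    if length & 0x80:                          # long-form length
        n = length & 0x7F
        length, off = int.from_bytes(buf[off:off + n], "big"), off + n
    if off + length > len(buf):
        raise ValueError("truncated DER")
    return tag, off, off + length

def extract_spki(cert_der):
    """Return the DER SubjectPublicKeyInfo of an X.509 certificate."""
    _, off, _ = der_tlv(cert_der, 0)           # Certificate SEQUENCE
    _, off, _ = der_tlv(cert_der, off)         # TBSCertificate SEQUENCE
    tag, _, nxt = der_tlv(cert_der, off)
    if tag == 0xA0:                            # optional [0] version field
        off = nxt
    for _field in range(5):                    # serial, sigalg, issuer, validity, subject
        _, _, off = der_tlv(cert_der, off)
    _, _, end = der_tlv(cert_der, off)
    return cert_der[off:end]

def dane_ee_match(cert_der, tlsa_rrset):
    """True if any DANE-EE (usage 3) TLSA record matches the server certificate.

    tlsa_rrset: (usage, selector, mtype, hex_data) tuples, assumed to come from
    a DNSSEC-validated lookup of _25._tcp.<mx-host>.
    """
    for usage, selector, mtype, hex_data in tlsa_rrset:
        if usage != 3 or selector not in (0, 1) or mtype not in (0, 1, 2):
            continue                           # outside this example: unusable
        data = cert_der if selector == 0 else extract_spki(cert_der)
        if mtype in (1, 2):
            data = hashlib.new("sha256" if mtype == 1 else "sha512", data).digest()
        if hmac.compare_digest(data, bytes.fromhex(hex_data)):
            return True
    return False

def make_cert(serial, key):
    """Constructed test input: certificate-shaped DER, not a real certificate."""
    enc = lambda tag, body: bytes([tag, len(body)]) + body   # short lengths only
    spki = enc(0x30, enc(0x30, b"\x06\x01\x2a") + enc(0x03, b"\x00" + key))
    tbs = enc(0x30, enc(0xA0, enc(0x02, b"\x02")) + enc(0x02, serial)
              + enc(0x30, b"") * 4 + spki)
    return enc(0x30, tbs + enc(0x30, b"") + enc(0x03, b"\x00SIG"))
```

A record that pins the public key (selector 1) keeps matching after a certificate renewal that reuses the key, whereas a record that pins the full certificate (selector 0) must be republished with every renewal.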


