July 17, 2024 at 03:09PM
Microsoft is introducing inbound SMTP DANE with DNSSEC for Exchange Online in public preview to enhance email security. This includes utilizing TLS Authentication (TLSA) DNS record for verifying mail server identity and using DNSSEC for cryptographically verifying DNS records. The rollout, scheduled until 2025, aims to protect email domains from impersonation and ensure secure message delivery.
Based on the meeting notes, here are the key takeaways:
– Microsoft is introducing Inbound SMTP DANE with DNSSEC for Exchange Online in public preview.
– This new capability aims to enhance email integrity and security, especially by defending against downgrade and man-in-the-middle attacks.
– SMTP DANE utilizes TLS Authentication DNS records to verify the identity of destination mail servers and the authenticity of certificates used for securing email communication.
– DNS-based Authentication of Named Entities (DANE) for SMTP and Domain Name System Security Extensions (DNSSEC) together provide cryptographic verification of DNS records during transit, preventing spoofing, hijacking, and interception of email messages.
– The rollout roadmap indicates that the new capability will be deployed across all Outlook domains in late 2024.
– Microsoft plans to provide this capability for free to enterprise and home customers and urges other email providers and domain owners to adopt these standards.
Overall, the focus is on enhancing email security and protecting users from malicious actors through the implementation of Inbound SMTP DANE with DNSSEC.