Exchange Online adds Inbound DANE with DNSSEC for everyone

October 28, 2024 at 03:26PM

Microsoft has launched inbound SMTP DANE with DNSSEC for Exchange Online, enhancing email security. Following delays due to security concerns, this feature is now available to all customers, with complete rollouts expected by early 2025. It protects against downgrade and man-in-the-middle attacks by verifying the authenticity of the certificates used in email communication.

### Meeting Takeaways: Microsoft Inbound SMTP DANE with DNSSEC Announcement

1. **General Availability**: Microsoft has announced that inbound SMTP DANE with DNSSEC for Exchange Online is now generally available, enhancing email security and integrity.

2. **Timeline Adjustment**: Originally planned for a public preview from March to July 2024, the release was delayed due to security investments required during the Private Preview; however, the public preview began in July 2023.

3. **Cost**: This new security capability will be available for free to both home and enterprise customers, with some Outlook domains already enabled.

4. **Implementation Plans**:
   - Several Outlook email domains have already implemented Inbound SMTP DANE with DNSSEC.
   - Full implementation for all Outlook and Hotmail domains is expected to be completed by the end of 2024.

5. **SMTP DANE Support**: This announcement completes Exchange Online’s SMTP DANE with DNSSEC support, as outbound SMTP DANE with DNSSEC has been available since March 2022.

6. **Rollout Roadmap**:
   - **December 2024**: Inbound SMTP DANE with DNSSEC and MTA-STS reporting will be available in the Exchange admin center.
   - **December 2024 – March 2025**: Deployment for all consumer Outlook and Hotmail domains will take place.
   - **May 2025**: Mandatory enablement of Outbound SMTP DANE per tenant/per-remote domain.

7. **Security Benefits**:
   - **Mitigation of Attacks**: The security protocol helps defend against downgrade and man-in-the-middle (MiTM) attacks.
   - **Email Authenticity**: It verifies the authenticity of certificates used in email communication and ensures secure connections between sending and receiving servers via TLS Authentication (TLSA) DNS records.
   - **Protection Against Spoofing**: DNSSEC provides cryptographic verification of DNS records, enhancing email message security against interception and hijacking.

8. **Implementation Details**: More detailed information on how to implement Inbound SMTP DANE with DNSSEC for Exchange Online mail flow can be found in the Microsoft tech community post.
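
The TLSA certificate check described under Security Benefits, as an added example that is not part of the original post or Microsoft's code: it matches a DANE-EE (usage 3) TLSA record against a server certificate using the selector and matching-type rules of RFC 6698. The record strings and the certificate skeleton are constructed for illustration, and DNSSEC validation of the TLSA answer is assumed to have been done by the resolver.

```python
import hashlib

def read_tlv(buf, pos):
    """Return (tag, value_start, value_end) of the DER element at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the count of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, pos, pos + length

def extract_spki(cert_der):
    """Return the DER SubjectPublicKeyInfo element of an X.509 certificate."""
    _, pos, _ = read_tlv(cert_der, 0)      # enter Certificate SEQUENCE
    _, pos, _ = read_tlv(cert_der, pos)    # enter tbsCertificate SEQUENCE
    tag, _, end = read_tlv(cert_der, pos)
    if tag == 0xA0:                        # optional explicit [0] version
        pos = end
    for _field in range(5):                # serial, sigalg, issuer, validity, subject
        _, _, pos = read_tlv(cert_der, pos)
    _, _, end = read_tlv(cert_der, pos)
    return cert_der[pos:end]

def tlsa_matches(rdata, cert_der):
    """Check a DANE-EE (usage 3) TLSA record against the server's leaf certificate."""
    usage, selector, mtype, data = rdata.split(None, 3)
    if usage != "3":
        return False                       # DANE-TA (2) needs chain validation, not shown
    selected = {"0": lambda c: c, "1": extract_spki}[selector](cert_der)
    digest = {"0": lambda b: b, "1": lambda b: hashlib.sha256(b).digest(),
              "2": lambda b: hashlib.sha512(b).digest()}[mtype](selected)
    return digest == bytes.fromhex(data.replace(" ", ""))

def der(tag, value):
    """Encode one DER TLV; used only to build the constructed sample below."""
    n = len(value)
    size = (n.bit_length() + 7) // 8
    head = bytes([n]) if n < 0x80 else bytes([0x80 | size]) + n.to_bytes(size, "big")
    return bytes([tag]) + head + value

def sample_cert():
    """Constructed certificate skeleton (not a real, signed certificate)."""
    spki = der(0x30, der(0x30, b"") + der(0x03, b"\x00" + bytes(270)))
    tbs = der(0x30, der(0xA0, der(0x02, b"\x02")) + der(0x02, b"\x01")
              + der(0x30, b"") * 4 + spki)
    return der(0x30, tbs + der(0x30, b"") + der(0x03, b"\x00")), spki

if __name__ == "__main__":
    cert, spki = sample_cert()
    print(tlsa_matches("3 1 1 " + hashlib.sha256(spki).hexdigest(), cert))
```

A `3 1 1` record pins the SHA-256 of the public key, so it keeps matching when the certificate is reissued with the same key, while a `3 0 x` record changes with every reissue.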
