| ▲ | whh 3 days ago |
| I found another reason... MS365 require DNSSEC to be enabled if you want DANE for TLS-enforced SMTP. You could also use MTA-STS. |
|
| ▲ | matteocontrini 2 days ago | parent [-] |
| As far as I know, the DANE spec (RFC 7671) requires DNSSEC to be enabled, while MTA-STS does not. |
| |
| ▲ | tptacek 2 days ago | parent [-] | | MTA-STS was standardized explicitly to support the (nearly universal) use case of mail providers without DNSSEC. Even O365, which ostensibly supports DANE/DNSSEC for email security, does so only for select customers and not for ordinary ones (go look for the TLSAs). |
|
