Microsoft recently announced an upcoming Public Preview for Inbound SMTP DANE with DNSSEC for Exchange Online. This feature will enhance the security and reliability of email delivery for organizations by ensuring that the email servers that send and receive messages are authentic and trustworthy.

What is Inbound SMTP DANE with DNSSEC?

DANE stands for DNS-based Authentication of Named Entities, and DNSSEC stands for Domain Name System Security Extensions. These are two standards that work together to prevent spoofing, phishing, and man-in-the-middle attacks that can compromise email communication.

DANE allows email servers to publish their identity and encryption information in their DNS records, which are then secured by DNSSEC. DNSSEC is a protocol that adds cryptographic signatures to DNS records, which are then verified by recursive resolvers. This way, email servers can prove their identity and encryption capabilities to each other and avoid any tampering or interception by malicious actors.

How Does Inbound SMTP DANE with DNSSEC Work?

When Inbound SMTP DANE with DNSSEC is enabled for Exchange Online, it tells the world that it only accepts email from servers that have valid DANE records in their DNS. This means that the sending server has to prove its identity by presenting a certificate that matches the DANE record. If the certificate is invalid or missing, the message will be rejected.

What Are The Benefits of Inbound SMTP DANE With DNSSEC For Organizations?

Inbound SMTP DANE with DNSSEC provides several benefits for organizations, such as:

  1. Improved security: Organizations can reduce the risk of receiving malicious or fraudulent emails from attackers who try to impersonate legitimate senders or domains. By verifying the identity and encryption of the sending server, users can ensure that the emails received from the intended source have not been altered or compromised in transit.
  2. Enhanced reputation: Businesses can demonstrate to customers, partners, and regulators that they care about the security and integrity of email communication. By enabling Inbound SMTP DANE with DNSSEC, you can show that you are following the best practices and standards for email security and reliability.
  3. Increased deliverability: Organizations can avoid potential issues with spam filters or blacklists that may affect email delivery. By rejecting invalid or unauthenticated messages, users can reduce the amount of spam and phishing emails that reach inboxes, and improve sender reputation.

When Will Inbound SMTP DANE With DNSSEC Be Available For Exchange Online?

The Public Preview for Inbound SMTP DANE with DNSSEC for Exchange Online will start in March 2024. This means that organizations will be able to test this feature and provide feedback to Microsoft before it becomes generally available. To opt-in to the Public Preview, businesses will need to have a valid DNSSEC-enabled domain and follow the steps described in the Public Preview notice.

Why Do We Recommend Inbound SMTP DANE With DNSSEC For Exchange Online?

At Virtuas, we are always looking for ways to help our clients improve their IT infrastructure and security posture. We believe that Inbound SMTP DANE with DNSSEC is a valuable addition to businesses’ Exchange Online environment that will provide them with more confidence and control over email communications. By enabling this feature, users can protect their organization from email-based threats and enhance their reputation as a secure and reliable sender.

How Can Virtuas Help Organizations With Inbound SMTP DANE With DNSSEC?

Organizations that need any assistance with enabling Inbound SMTP DANE with DNSSEC for their Exchange Online tenant, or if they have any questions or feedback about this feature, please do not hesitate to contact Virtuas. We are here to support businesses and help them get the most out of their Microsoft solutions.



Our team @Virtuas