Securing eMail With D.A.N.E.

Some day I’ll get time to do an article on setting up a complete email server with the most advanced security and spam protection, but for now we’ll focus on DNS-based Authentication of Named Entities (DANE).  Of all the methods of securing email, DANE is the most comprehensive and advanced to date.

In a nutshell, DANE is a way to authenticate TLS client and server sessions (for both web and email) without the need for a Certificate Authority.  DANE has become more popular in recent years due to security breaches at some Certificate Authorities, which allowed encryption certificates to be issued to non-domain owners for malevolent purposes.  DANE provides an independent means of checking certs to confirm their provenance, and therefore that the session is secure.