DANE is DNS-based Authentication of Named Entities, it provides a mechanism (using TLS Encryption) to validate that a DNS query returns the data provided by the domains authoritative name server.
DANE enables the administrator of a domain name to certify the keys used in that domain's TLS clients or servers by storing them in the Domain Name System (DNS).
DANE needs the DNS records to be signed with DNSSEC for its security model to work.
The following requirements must be met by you prior to contacting our support team.
- Have DNSSEC configured for MX records
Cover the domain's MX record(s), A record, TLSA record, and any associated CNAME records by DNSSEC
Add TLSA DNS records
If you want to enforce DANE, this needs to be set up explicitly by our Support team.
Information to Provide
When you contact support, please provide answers to the following questions:
- Which direction of mail do you want to enforce? Inbound or Outbound?
Which filtering nodes of the local cloud would you like the DANE enforcement enabled on?
Which filtered domains on your cluster would you like the enforcement on?
Once we have the answers to the above, we can assist you to get this set up.
Please contact Spam Experts support to have DANE enforcement enabled.