Sharp rise in use of DMARC, SPF, DKIM and DANE for mail

DNSSEC as a basis for secure mail transmission

With the cryptographic DNSSEC infrastructure firmly established, great progress is now being made securing the transmission of e-mail traffic. DANE is increasingly well supported by e-mail software. And, here in the Netherlands, the government is proving to be a committed driver of DMARC, SPF and DKIM implementation.

Tim Draegen, co-inventor of the DMARC standard, recently received a certificate from the government in recognition of DMARC's addition to the 'use-or-explain' list. Since then, government and semi-government organisations have been obliged to implement the standards when procuring new ICT systems and services. What's more, according to the latest Joint Ambition Statement, the aim is to adopt the strictest DMARC setting ('p=quarantine' or 'p=reject') for all government domains by the end of 2019.


The two associated standards (SPF and DKIM) had previously been added to the 'use-or-explain' list. The strictest SPF setting — '~all' of '-all' — is also to be implemented by the end of next year.

DANE for mail

Meanwhile, mail software developers are continuing to work on the implementation of DANE, a cryptographic technique for anchoring TLS certificates in the mail system. For example, port25 recently announced that it had implemented DANE validation (for outgoing mail) in version 5.0 of its PowerMTA bulk-mailer. Manvendra Bhangui, lead developer of the IndiMail MTA, added DANE validation to release 2.5 of the program last spring.

The Forum for Standardisation is now investigating whether DANE validation for outgoing mail and DANE certificate pinning for incoming mail should also be added to the 'use-or-explain' list. At the start of this year, the European Commission recognised DANE for both mail and the web as an official standard for use in procurement.


  • Friday 24 January 2020

    About SIDN

    Introducing our new Key Account Manager, Alfredo Garcia Frias


    A man who knows the domain name industry well

    Read more
  • Wednesday 25 July 2018

    SIDN Labs

    Students give SIDN Labs course thumbs up


    The course will be followed up

    Read more
  • Monday 12 November 2018

    Internet security

    Watch out! Fake Tikkie domain name used in scam


    Case: Tikkie domain name scam

    Read more


Your browser is too old to optimally experience this website. Upgrade your browser to improve your experience.