Sharp rise in use of DMARC, SPF, DKIM and DANE for mail

DNSSEC as a basis for secure mail transmission

With the cryptographic DNSSEC infrastructure firmly established, great progress is now being made securing the transmission of e-mail traffic. DANE is increasingly well supported by e-mail software. And, here in the Netherlands, the government is proving to be a committed driver of DMARC, SPF and DKIM implementation.

Tim Draegen, co-inventor of the DMARC standard, recently received a certificate from the government in recognition of DMARC's addition to the 'use-or-explain' list. Since then, government and semi-government organisations have been obliged to implement the standards when procuring new ICT systems and services. What's more, according to the latest Joint Ambition Statement, the aim is to adopt the strictest DMARC setting ('p=quarantine' or 'p=reject') for all government domains by the end of 2019.

BartKnubben-20180830_oorkonde_tim_draegen

The two associated standards (SPF and DKIM) had previously been added to the 'use-or-explain' list. The strictest SPF setting — '~all' of '-all' — is also to be implemented by the end of next year.

DANE for mail

Meanwhile, mail software developers are continuing to work on the implementation of DANE, a cryptographic technique for anchoring TLS certificates in the mail system. For example, port25 recently announced that it had implemented DANE validation (for outgoing mail) in version 5.0 of its PowerMTA bulk-mailer. Manvendra Bhangui, lead developer of the IndiMail MTA, added DANE validation to release 2.5 of the program last spring.

The Forum for Standardisation is now investigating whether DANE validation for outgoing mail and DANE certificate pinning for incoming mail should also be added to the 'use-or-explain' list. At the start of this year, the European Commission recognised DANE for both mail and the web as an official standard for use in procurement.

Comments

  • Thursday 4 October 2018

    About SIDN

    Slow adoption of IPv6 risks harming Dutch innovation climate

    Thumb-two-four-twelve

    Migration to IPv6 needed to maintain investment and innovation linked to the IoT

    Read more
  • Monday 17 December 2018

    Knowledge

    IDnext and SIDN intensify collaboration

    Thumb-logo-IDnext

    Joint IDnext event will promote innovation in the field of digital identification

    Read more
  • Wednesday 17 October 2018

    Internet security

    Many Dutch people are still using (insecure) public Wi-Fi

    Thumb-wifi

    Here's how to get on line securely via a public Wi-Fi network

    Read more

Sorry

Your browser is too old to optimally experience this website. Upgrade your browser to improve your experience.