Sharp rise in use of DMARC, SPF, DKIM and DANE for mail

DNSSEC as a basis for secure mail transmission

With the cryptographic DNSSEC infrastructure firmly established, great progress is now being made securing the transmission of e-mail traffic. DANE is increasingly well supported by e-mail software. And, here in the Netherlands, the government is proving to be a committed driver of DMARC, SPF and DKIM implementation.

Tim Draegen, co-inventor of the DMARC standard, recently received a certificate from the government in recognition of DMARC's addition to the 'use-or-explain' list. Since then, government and semi-government organisations have been obliged to implement the standards when procuring new ICT systems and services. What's more, according to the latest Joint Ambition Statement, the aim is to adopt the strictest DMARC setting ('p=quarantine' or 'p=reject') for all government domains by the end of 2019.

BartKnubben-20180830_oorkonde_tim_draegen

The two associated standards (SPF and DKIM) had previously been added to the 'use-or-explain' list. The strictest SPF setting — '~all' of '-all' — is also to be implemented by the end of next year.

DANE for mail

Meanwhile, mail software developers are continuing to work on the implementation of DANE, a cryptographic technique for anchoring TLS certificates in the mail system. For example, port25 recently announced that it had implemented DANE validation (for outgoing mail) in version 5.0 of its PowerMTA bulk-mailer. Manvendra Bhangui, lead developer of the IndiMail MTA, added DANE validation to release 2.5 of the program last spring.

The Forum for Standardisation is now investigating whether DANE validation for outgoing mail and DANE certificate pinning for incoming mail should also be added to the 'use-or-explain' list. At the start of this year, the European Commission recognised DANE for both mail and the web as an official standard for use in procurement.

Comments

  • Friday 19 July 2019

    Internet security

    Many users prefer convenience to security even with DigiD

    2fa 520

    E-Government Survey Report 2019 published

    Read more
  • Tuesday 23 April 2019

    Internet security

    India and China go for large-scale IPv6 implementation

    The handicap of a head start

    Read more
  • Friday 19 January 2018

    About SIDN

    Visit our stand at the Webwinkel Vakdagen!

    Thumb-WWVD

    Win €1,000 of Google AdWords credit

    Read more

Sorry

Your browser is too old to optimally experience this website. Upgrade your browser to improve your experience.