DANE for e-mail: what is it and why do you need it?

The threat from mail abuse is often underestimated

When they come across domain names resembling their brands, brand owners often decide not to act in cases where the domain name doesn't seem to be in use. In other words, where there's no website linked to the name. What people tend to overlook is that, even though a domain name has no website, scammers may be using it for sending spam or for CEO fraud. Recently, however, several major incidents have highlighted the problem of mail fraud and the importance of securing business mail.


One of the internet standards to benefit from the upturn in interest is DANE (RFC 7671). Although the standard has been around for a while, there was exponential growth in DANE use in the Netherlands during 2019. Short for DNS-based Authentication of Named Entities, DANE is a protocol for secure publication of public keys and certificates. The standard utilises the cryptographically secured DNS infrastructure provided by DNSSEC. In other words, when used with other standards, DANE for mail prevents mail falsification by verifying the sender's details.

Complex standard

Many users, including experienced CISOs, struggle to secure e-mail, because it depends on implementing various mutually complementary standards. As well as DANE, you need to be using SPF and DKIM for the set-up to work. Furthermore, DANE's rapid adoption in the Netherlands has been possible only because the open security standard DNSSEC is in such widespread use here. Nevertheless, getting to grips with e-mail security is worthwhile for CISOs, because mail fraud can cost victims millions.

Want to know more?

You'll find an extensive set of FAQs about DANE on sidn.nl. And last year we did a webinar about e-mail security and DANE, which is still available to watch here. Finally, SIDN Labs often publishes articles about open standards such as DANE. Visit https://www.sidnlabs.nl/ to see what's available.


  • Monday 1 October 2018

    SIDN Labs

    KSK Key Roll Last Call


    Root zone's DNSSEC KSK rollover is going ahead!

    Read more
  • Wednesday 3 October 2018

    SIDN Labs

    New Franco-Dutch research project on automatic classification of domain name abuse


    Compromised vs. maliciously registered

    Read more
  • Tuesday 16 July 2019

    Internet security

    Travel organisations are the summer's preferred phishing target

    Phishing 520x520

    The holiday season has started

    Read more


Your browser is too old to optimally experience this website. Upgrade your browser to improve your experience.