Microsoft introduced right this moment that inbound SMTP DANE with DNSSEC for Change On-line, a brand new functionality to spice up electronic mail safety and integrity, is now usually out there.
The corporate introduced in September 2023 a public preview that may roll out from March to July 2024. Nonetheless, it was pressured to delay it due to “necessary security investments” recognized throughout the Non-public Preview stage, and the general public preview began this July.
Redmond will present this new functionality to residence and enterprise clients free of charge and says it has already been enabled for some Outlook domains.
“Inbound SMTP DANE with DNSSEC has already been implemented for several Outlook email domains, and implementation for the remaining Outlook and Hotmail domains for consumer email is expected to be completed by the end of 2024,” the Microsoft 365 Messaging Workforce mentioned on Monday.
With this new functionality now out there to all tenants, Microsoft completes Change On-line’s SMTP DANE with DNSSEC assist since outbound SMTP DANE with DNSSEC has been supported since March 2022.
The Change Workforce additionally shared a rollout roadmap right this moment, which reveals that Microsoft will deploy this new functionality throughout all client Outlook and Hotmail domains by March 2025:
- December 2024 – Inbound SMTP DANE with DNSSEC and MTA-STS report within the Change admin middle
- December 2024 – March 2025
- Deploying Inbound SMTP DANE with DNSSEC for all client Outlook and Hotmail domains (for instance – hotmail.nl)
- Transition provisioning of mail information for all newly created Accepted Domains into DNSSEC-enabled infrastructure beneath *.mx.microsoft
- Might 2025 – Obligatory Outbound SMTP DANE, set per-tenant/per-remote area
Because the Change staff defined right this moment, Area Title System Safety Extensions (DNSSEC) and DNS-based Authentication of Named Entities (DANE) for SMTP defend in opposition to downgrade and man-in-the-middle (MiTM) assaults.
The SMTP DANE safety protocol verifies the authenticity of the certificates used to safe electronic mail communication and the identification of vacation spot mail servers through a TLS Authentication (TLSA) DNS report. This helps block TLS downgrade and MiTM assaults (wherein malicious actors alter or listen in on a goal’s messages) by making certain safe connections between sending and receiving servers.
DNSSEC DNS extensions additionally present cryptographic verification of DNS information throughout transit, thus stopping spoofing, hijacking, and interception of electronic mail messages.
As soon as enabled, Inbound SMTP DANE with DNSSEC will shield Change On-line electronic mail domains from impersonation and be certain that emails are despatched to the supposed recipients utilizing encryption with out being redirected or modified earlier than they attain the supposed recipient.
Microsoft supplies extra particulars on implementing Inbound SMTP DANE with DNSSEC for Change On-line mail circulation on this tech neighborhood submit.
