& DANE for SMTP

Speaker: Dennis Baaten


Historically, SMTP servers exchange emails using either an unencrypted (plaintext) connection or (since 2002) an encrypted connection based on the opportunistic STARTTLS protocol. At the same time SMTP servers, by design, did not validate the authenticity of another email server’s certificate; any random certificate were accepted. In short; confidentiality and integrity of (public) email transport cannot be guaranteed without taking extra measures. This is where DANE for SMTP comes in, as it enables email servers to determine up front whether or not another SMTP server supports an encrypted connection, while also providing the means of validating the authenticity of the other email server’s certificate.


Dennis Baaten is a freelance security consultant and ethical hacker. He works for the Dutch Internet Standards Platform where he operates the support desk of, contributes to the development of the platform, and creates technical how-to guides on implementing secure Internet standards.

najaar 2021

Vereniging NLUUG
           postbus 8189
6710 AD Ede