Safer email delivery with DANE TLSA

The DNS record of the type TLSA improves the utilization of TLS certificates during the communication between two mailservers.
The TLSA record is published for the mailserver If somebody sends you an email, his smtp server can verify using DANE TLSA, that the email is delivered to the right target mailserver (
All the owner of the domain with mailboxes hosted on has to do is check, whether their domain has activated DNSSEC and properly set the MX record with the value
If the domain has another MX records set up, check, whether these MX records are needed. DANE TLSA technology protects only domains, that have activated DNSSEC and that all mailservers listed in its MX records have TLSA records set.
DANE TLSA technology is quite new, so it is not widely used. As of now, not all mailservers check TLSA records. Nevertheless, our mailservers are ready to use DANE TLSA.