DANE / TLSA
How to demand encryption. MTA-STS is a policy that stops "downgrade attacks" (where a hacker forces a connection into plain text). It tells other servers, "You must connect to me with (TLS) encryption. If you can't, do not send the message at all.
Questions about DANE / TLSA
What is DANE for SMTP?
What are TLSA records?
How does DANE improve email security?
Is DANE widely adopted for email?
How does DANE compare to MTA-STS?
What is DANE and how does it use DNSSEC?
How does DANE authenticate SMTP connections?
How does DANE interact with MTA-STS?
What are the advantages and challenges of DANE deployment?
Why is DANE rarely used in commercial email?
How does DANE affect fallback behavior when DNSSEC fails?