What are the advantages and challenges of DANE deployment?
Advantages:
Eliminates reliance on certificate authorities.
Prevents certificate spoofing.
Improves SMTP security.
Challenges:
Requires DNSSEC which is complex to deploy.
Limited support among mailbox providers.
Harder troubleshooting and maintenance.
DNSSEC fragility is the core challenge. Any failure in the DNSSEC chain such as an expired RRSIG record or a misconfigured key can cause all mail to be blocked which makes it a high risk all or nothing dependency.
Was this answer helpful?
Thanks for your feedback!