How does DANE interact with MTA-STS?
They are competing standards that solve the same problem. A sending server that supports both will prioritize DANE if it detects a valid DNSSEC signed TLSA record. If DANE validation fails or no TLSA record exists it may then check for an MTA STS policy.
Most large providers have chosen a single path. Gmail.com and Microsoft favor MTA STS as receivers. Many European providers prefer DANE. It is rare for a receiving domain to implement both side by side.
Was this answer helpful?
Thanks for your feedback!