How does DANE compare to MTA-STS?

MTA STS uses HTTPS hosted policies and trusted certificate authorities.

DANE uses DNSSEC to sign DNS hosted TLSA records.

MTA STS relies on the certificate authority ecosystem. DANE removes that dependency and trusts DNSSEC instead.

DANE is stronger in theory but harder to deploy.