What is DANE for SMTP?

DANE, also known as DNS Based Authentication of Named Entities, is a security protocol defined in RFC 6698 and applied to SMTP in RFC 7672, and it uses DNSSEC to authenticate TLS connections for SMTP. It allows domain owners to publish the exact certificates or public keys that sending mail servers should trust.

It is the equivalent of publishing the official list of approved harbor beacons so incoming ships know exactly which signals are real and which are forged.