dnssec
If you’re one of those weirdos (like me) who tracks what email providers hosts mail for what domains, you’ll want to take note of this. In the email industry’s ongoing efforts to improve email security, Microsoft is adding the ability for Microsoft-hosted domains to implement DANE with DNSSEC. As Microsoft explains, “SMTP DANE is a security protocol that uses DNS to verify the authenticity of the certificates used for securing email communication with TLS and protecting against TLS downgrade attacks. DNSSEC is a set of extensions to DNS that provides cryptographic verification of DNS records, preventing DNS spoofing and adversary-in-the-middle attacks to DNS.” Anyway, my point is not to dissect the potential value of DANE or theorize how long it’ll take for a majority of customer domains to be updated (Microsoft hosts mail for 750,000 of the top ten million domains, and I’m sure many more beyond that). Instead, I