Secure email transport (STARTTLS and DANE)

Why

• "Opportunistic Security: Some Protection Most of the Time" by V. Dukhovni
• "New e-mail security protocols mandatory within government" by Marco Davids (SIDNlabs)
• "The sad state of SMTP encryption" by Filippo Valsorda

Adoption statistics

• DANE trend graphs
• DANE statistics
• Google's statistics on STARTTLS

Further information

• How-to on 'DANE for SMTP' by Dutch Internet Standards Platform
• Wiki over 'DANE for SMTP'
• Factsheet "Secure the connections of mail servers" by NCSC-NL
• "ICT securitity guidelines for TLS v2.0" by NCSC-NL
• BSI TR-03108 Sicherer E-Mail-Transport by German Federal Office for Information Security
• Special Publication 1800-6: “Domain Name Systems-Based Electronic Mail Security” by NIST

Specifications and guidelines

• RFC 3207: SMTP Service Extension for Secure SMTP over Transport Layer Security
• RFC 7672: SMTP Security via Opportunistic DNS-Based Authentication of Named Entities (DANE) Transport Layer Security (TLS)
• RFC 7671: The DNS-Based Authentication of Named Entities (DANE) Protocol: Updates and Operational Guidance