DANE uses DNS records to inform other
Posted: Mon Dec 09, 2024 9:55 am
Email servers about TLS encryption support. It also tells the receiving server to expect a certain certificate when connecting to the sending server, thereby defending against attackers who possess a valid TLS certificate from the sending server. However, it relies on the security of the DNS system, meaning it requires DNSSEC, which in turn results in a limited level of adoption (the latter is changing ).
Providing support for DNSSEC (as a prerequisite for list of bosnia and herzegovina whatsapp phone numbers supporting DANE) also brings additional security benefits. Examples include protection against DNS cache poisoning attacks and against custom domains using Mailfence MX records, especially if the custom domain implements DNSSEC.
Both MTA-STS and DANE have their pros and cons. Each can protect against encryption downgrade attacks for mail delivery. So we have implemented both for mailfence.com.
OpenPGP Key Discovery and Exchange (WKD and VKS)
Mailfence offers OpenPGP encryption and signatures for emails. We have been interoperable with other OpenPGP-compatible services since the beginning, and we give our users full control over OpenPGP keys . However, key discovery and exchange has (for a long time) been a challenge for the OpenPGP ecosystem, because it is difficult to know whether keys received from a public key server can be trusted.
Web Key Directory (WKD)
Mailfence now supports a new approach, called Web Key Directory (WKD) , which uses the internet to allow a domain to serve its own keys over HTTPS. This means that when you generate an OpenPGP key pair or import it into your Mailfence account's keystore, the respective public key (including email address and name) will be publicly available on our Web Key Directory server if.
Providing support for DNSSEC (as a prerequisite for list of bosnia and herzegovina whatsapp phone numbers supporting DANE) also brings additional security benefits. Examples include protection against DNS cache poisoning attacks and against custom domains using Mailfence MX records, especially if the custom domain implements DNSSEC.
Both MTA-STS and DANE have their pros and cons. Each can protect against encryption downgrade attacks for mail delivery. So we have implemented both for mailfence.com.
OpenPGP Key Discovery and Exchange (WKD and VKS)
Mailfence offers OpenPGP encryption and signatures for emails. We have been interoperable with other OpenPGP-compatible services since the beginning, and we give our users full control over OpenPGP keys . However, key discovery and exchange has (for a long time) been a challenge for the OpenPGP ecosystem, because it is difficult to know whether keys received from a public key server can be trusted.
Web Key Directory (WKD)
Mailfence now supports a new approach, called Web Key Directory (WKD) , which uses the internet to allow a domain to serve its own keys over HTTPS. This means that when you generate an OpenPGP key pair or import it into your Mailfence account's keystore, the respective public key (including email address and name) will be publicly available on our Web Key Directory server if.