Traditionally, connections between mail servers have hardly been secured. STARTTLS is an extension to provide existing protocols with connection security. If you only use STARTTLS to secure connections between mail servers, this will protect against so-called passive attackers. An active attacker can easily undo the use of STARTTLS. The DANE protocol allows you to verifiably indicate that your server offers a secure connection.
The NCSC recommends enabling STARTTLS and DANE for all your organisation’s incoming and outgoing email traffic.
The National Council Digital Government has decided in September 2016 to include STARTTLS and DANE for email traffic in the list of compulsory open standards. Therefore, it is compulsory for Dutch government bodies to apply these standards when investing in email systems.
The standards STARTTLS and DANE are also part of the initiative 'Secure E-mail Coalition', a partnership of businesses, trade associations and governments. This initiative is aimed at broader adoption of email security and up-to-date standards. This factsheet supports organisations that want to start using these standards.
Stay updated - subscribe to RSS feeds of both ENISA news items & press releases!