On 2023-09-28 03:13:27 (+0800), Mike Hillyer via mailop wrote:
Breaking news, Microsoft is pulling the trigger on DANE next year: Implementing Inbound SMTP DANE with DNSSEC for Exchange Online Mail Flow
This is good news. Hopefully this will encourage more organisations to finally enable DNSSEC (and DANE).
Also, it appears that it will come with a naming change for MX records, with mx.microsoft being the new root, so it will need to be used/added to traffic shaping rulesets along with mail.protection.outlook.com
Interesting that they're putting this in an entirely new TLD. I can imagine several reasons why signing microsoft.com or outlook.com would be impractical, but I'm slightly surprised they're not using a new domain in a well-known generic TLD.
I bet a common misconfiguration will be admins automatically typing .com after .microsoft. :-)
Philip -- Philip Paeps Senior Reality Engineer Alternative Enterprises _______________________________________________ mailop mailing list [email protected] https://list.mailop.org/listinfo/mailop
