Please see [this Wikipedia article](https://en.wikipedia.org/wiki/Domain_Name_System_Security_Extensions) about what DNSSEC is.
Please see [this article](https://github.com/internetstandards/toolbox-wiki/blob/main/DANE-for-SMTP-how-to.md) about what DANE is.
Please see [this article](https://github.com/internetstandards/toolbox-wiki/blob/main/DANE-for-SMTP-how-to.md) about what DANE is.
Alternatively, see [this Wikipedia article](https://en.wikipedia.org/wiki/DNS-based_Authentication_of_Named_Entities).
Alternatively, see [this Wikipedia article](https://en.wikipedia.org/wiki/DNS-based_Authentication_of_Named_Entities).
You can use [this tool](https://ssl-tools.net/tlsa-generator) to generate TSLA DNS records.
You can use [this tool](https://ssl-tools.net/tlsa-generator) to generate TSLA DNS records for DANE.
You can enable enforcing DANA in the (advanced) account and identity settings (since version 1.2148).
Note that only some email servers support DANE and that only a limited number of DNS servers support DNSSEC, which is required for DANE.
You can enable enforcing DNSSEC and/or DANA in the (advanced) account and identity settings (since version 1.2148).
Except for DANE, FairEmail won't enforce DNSSEC because adoption of DNSSEC is still limited (~30% at the start of 2024).
Note that only some email providers support DANE and that only a limited number of DNS servers support DNSSEC (January 2024: ~30%), which is required for DANE.
<p>When certificate transparency is enabled in the connection-settings tab page of the app, the <ahref="https://github.com/GoogleChrome/CertificateTransparency/blob/master/ct_policy.md">Chrome Certificate Transparency Policy</a> will be applied.</p>
<p>When certificate transparency is enabled in the connection-settings tab page of the app, the <ahref="https://github.com/GoogleChrome/CertificateTransparency/blob/master/ct_policy.md">Chrome Certificate Transparency Policy</a> will be applied.</p>
<p>FairEmail uses <ahref="https://github.com/appmattus/certificatetransparency">this library</a> to implement certificate transparency via a custom trust manager.</p>
<p>FairEmail uses <ahref="https://github.com/appmattus/certificatetransparency">this library</a> to implement certificate transparency via a custom trust manager.</p>
<p><br></p>
<p><br></p>
<p><aname="faq202"></a><strong>(202) What is DANE?</strong></p>
<p><aname="faq202"></a><strong>(202) What is DNSSEC and what is DANE?</strong></p>
<p>Please see <ahref="https://en.wikipedia.org/wiki/Domain_Name_System_Security_Extensions">this Wikipedia article</a> about what DNSSEC is.</p>
<p>Please see <ahref="https://github.com/internetstandards/toolbox-wiki/blob/main/DANE-for-SMTP-how-to.md">this article</a> about what DANE is. Alternatively, see <ahref="https://en.wikipedia.org/wiki/DNS-based_Authentication_of_Named_Entities">this Wikipedia article</a>.</p>
<p>Please see <ahref="https://github.com/internetstandards/toolbox-wiki/blob/main/DANE-for-SMTP-how-to.md">this article</a> about what DANE is. Alternatively, see <ahref="https://en.wikipedia.org/wiki/DNS-based_Authentication_of_Named_Entities">this Wikipedia article</a>.</p>
<p>You can use <ahref="https://ssl-tools.net/tlsa-generator">this tool</a> to generate TSLA DNS records.</p>
<p>You can use <ahref="https://ssl-tools.net/tlsa-generator">this tool</a> to generate TSLA DNS records for DANE.</p>
<p>You can enable enforcing DANA in the (advanced) account and identity settings (since version 1.2148).</p>
<p>You can enable enforcing DNSSEC and/or DANA in the (advanced) account and identity settings (since version 1.2148).</p>
<p>Note that only some email servers support DANE and that only a limited number of DNS servers support DNSSEC, which is required for DANE.</p>
<p>Note that only some email providers support DANE and that only a limited number of DNS servers support DNSSEC (January 2024: ~30%), which is required for DANE.</p>
<p>Except for DANE, FairEmail won’t enforce DNSSEC because adoption of DNSSEC is still limited (~30% at the start of 2024).</p>
M66B
6 months ago