Microsoft is committed to providing world-class email security solutions and the support for the latest Internet standards in order to provide advanced email protection for our customers. Today we ar...
Updated Oct 16, 2023
Version 2.0
Blog Post
This news is great! adding new standards to the O365 platform. With an ongoing move to the cloud, CSP's not introducing new standards was the limiting factor so far.
When looking at Viktor's comment it might even be wise to start TLS-RPT first to get everyone aware about their "broken" configurations before starting to apply DANE to connections.
This leaves me with other questions though:
- When will DMARC reporting for the O365 platform be back? back in 2012 Microsoft actively participated in the development of the standard, sending out reports from the Hotmail/Outlook.com platform. These services have now migrated to the same O365 platform, but completely stopped sending out DMARC rua reports.
- When will O365 start respecting the DMARC policy set by a domain owner? Currently a decision was made to override the reject policy (oreject) and default it back to quarantine. From an O365 Admin perspective there is no "button" to disable this behavior. Only by going through a workarounds you'll be able to get a similar result.
- In September 2018, together with TLS Reporting (TLS-RPT), SMTP MTA Strict Transport Security (MTA-STS) was released.
If the goal is to secure TLS connections it should not matter which technology is available (DANE vs MTA-STS), so if one is unable to implement DANE they have an alternate internet standard (MTA-STS) to make sure that their connection can be secured.