Factsheet Secure the connections of mail servers

Traditionally, connections between mail servers have hardly been secured. STARTTLS is an extension to provide existing protocols with connection security. If you only use STARTTLS to secure connections between mail servers, this will protect against so-called passive attackers. An active attacker can easily undo the use of STARTTLS. The DANE protocol allows you to verifiably indicate that your server offers a secure connection. The NCSC recommends enabling STARTTLS and DANE for all your organisation’s incoming and outgoing email traffic.

This document is currently under revision, which means that the document has not been reviewed or changed in the past year. As a result, the content of the document may not be up-to-date. The NCSC intends to update this product in the near future.