Factsheet Secure the connections of mail servers

Traditionally, connections between mail servers have hardly been secured. STARTTLS is an extension to provide existing protocols with connection security. If you only use STARTTLS to secure connections between mail servers, this will protect against so-called passive attackers. An active attacker can easily undo the use of STARTTLS. The DANE protocol allows you to verifiably indicate that your server offers a secure connection. The NCSC recommends enabling STARTTLS and DANE for all your organisation’s incoming and outgoing email traffic.