Get details right to safely implement DANE in Exchange Online, warn experts
The Microsoft announcement “is helpful,” commented David Shipley, who heads the security awareness training provider Beauceron Security and is former director of strategic IT initiatives at the University of New Brunswick, “but only so much as people have good records and implement good records. I’m sure big brands like Microsoft will be resourced to do this, but doubtful all enterprises or even a fraction of small and mid-size firms will do it.”
Many sites haven’t yet implemented other existing email security protocols, he pointed out. For example, only 59% of the top 1 million domains have an older protocol, SPF (sender policy framework), validly configured, he said, citing an article in DMARC Checker. And of the Top 1,000, only 77% have the basic SPF correct.
DANE won’t stop phishing, Shipley added, although “it may help further put a dent on spoofing.”