This document discusses Domain Name System Security Extensions (DNSSEC) and the DNS-based Authentication of Named Entities (DANE) protocol. It describes how DANE uses DNSSEC and Transport Layer Security (TLS) records (TLSA) to authenticate TLS certificates and secure email transport (SMTP) without relying on certificate authorities. Benefits include preventing man-in-the-middle attacks and securely validating certificates through DNS rather than certificate revocation lists. The document provides instructions and examples for configuring mail servers, DNS servers, and validating TLSA records to implement DANE for email.