From 72e57788f33417b755db6e4f0d6d361e66d9b9e2 Mon Sep 17 00:00:00 2001
From: Daniel Micay <danielmicay@gmail.com>
Date: Thu, 31 Dec 2020 22:14:02 -0500
Subject: [PATCH] document DNSSEC/DANE enforcement for email

---
 static/features.html | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/static/features.html b/static/features.html
index 2f260035..44d1914d 100644
--- a/static/features.html
+++ b/static/features.html
@@ -194,6 +194,8 @@
                     for securing email due to it relying on DNS records</li>
                     <li>DANE TLSA records for pinning keys for all our TLS services (mostly helps
                     to secure email due to lack of browser support)</li>
+                    <li>Our mail server enforces DNSSEC/DANE to provide authenticated encryption
+                    when sending mail including alert messages from the attestation service</li>
                     <li>SSHFP across all domains for pinning SSH keys</li>
                     <li>Static key pinning for our services in apps like Auditor</li>
                     <li>No cookies or similar client-side state for anything other than login sessions,