New CAA Functionality for S/MIME: What You Need to Know
In January of this year, the CA/Browser Forum agreed to extend CAA records. Andreas Soll explains what has changed.
Since September, a new CAA property tag, "issuemail", has been available to control the issuance of S/MIME certificates. The new CAA functionality for S/MIME was formalized in RFC 9495.
Certification Authority Authorization (CAA) records are a type of Domain Name System (DNS) resource record that allows domain owners to restrict the issuance of SSL/TLS certificates to specific certification authorities (CAs).
S/MIME certificates are often referred to as email signature certificates or personal authentication certificates. They provide end-to-end encryption for MIME data, such as email messages, ensuring sender authentication, message integrity, confidentiality, and data security.
The introduction of S/MIME baseline requirements in CAA entries now provides a standardized way to define requirements for issuing S/MIME certificates. This means you can now restrict which CA may issue S/MIME certificates for your domain, or even prohibit their issuance completely.
Questel has already implemented this functionality and is making it available to customers of our corporate domain services immediately. Other DNS providers are required to implement it by March 15, 2025. As of this date, supporting the functionality will become mandatory.
In addition to the existing CAA tags such as issue, issuewild, and iodef, the new issuemail tag is now used to control the issuance of S/MIME certificates. The record might look like this:
example.com CAA 0 issuemail "yourcertificateauthority.com"
In this example, only the certification authority yourcertificateauthority.com is permitted to issue S/MIME certificates.
If you want to completely prohibit the issuance of S/MIME certificates, you can do so with the following configuration:
example.com CAA 0 issuemail ";"
In this example, no one is allowed to issue an S/MIME certificate for the domain example.com.
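The following is an added example, not Questel's code: it evaluates the issuemail policy the way RFC 9495 describes, using the RFC 8659 tree climb over constructed sample records, so you can see how the two configurations above are interpreted. The zone data, the CA names other than yourcertificateauthority.com, and the function names are assumptions; CNAME aliases and the critical flag are not modeled.

```python
# Added example: evaluate CAA "issuemail" (RFC 9495) over constructed records.
# Owner name -> list of (flags, tag, value). All zone data here is sample data.
SAMPLE_ZONE = {
    "example.com": [(0, "issue", "tls-ca.example"),
                    (0, "issuemail", "yourcertificateauthority.com")],
    "mail.example.com": [(0, "issue", "tls-ca.example")],  # no issuemail here
    "example.org": [(0, "issuemail", ";")],
    "example.net": [(0, "issue", "tls-ca.example")],
}

def relevant_rrset(domain, zone):
    """RFC 8659 tree climb: first non-empty CAA RRset at domain or an ancestor."""
    labels = domain.lower().rstrip(".").split(".")
    for i in range(len(labels)):
        rrset = zone.get(".".join(labels[i:]))
        if rrset:
            return rrset
    return []

def issuer_domain(value):
    """Issuer domain name is the text before any ';'-separated parameters."""
    return value.split(";", 1)[0].strip().lower()

def smime_issuance_allowed(email, ca_domain, zone):
    """True if ca_domain may issue an S/MIME certificate for this mailbox."""
    domain = email.rsplit("@", 1)[1]
    rrset = relevant_rrset(domain, zone)
    mail_props = [v for _flags, tag, v in rrset if tag.lower() == "issuemail"]
    if not mail_props:
        # No issuemail property: CAA does not restrict S/MIME issuance.
        # "issue"/"issuewild" only govern TLS certificates.
        return True
    ca = ca_domain.strip().lower()
    return bool(ca) and any(issuer_domain(v) == ca for v in mail_props)

if __name__ == "__main__":
    for mailbox, ca in [
        ("alice@example.com", "yourcertificateauthority.com"),
        ("alice@example.com", "other-ca.example"),
        ("bob@hr.example.com", "other-ca.example"),      # inherits example.com
        ("carol@mail.example.com", "other-ca.example"),  # subdomain RRset shadows parent
        ("dave@example.org", "yourcertificateauthority.com"),
    ]:
        print(mailbox, ca, smime_issuance_allowed(mailbox, ca, SAMPLE_ZONE))
```

Note the mail.example.com case: a CAA record set on a subdomain that lacks issuemail becomes the relevant set for that subdomain, so the parent's issuemail restriction no longer applies there.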
For further information on the change or for support on any corporate domain name topic, please contact the Questel Domains Team.