The feature will be added in the new DANE protocol

Aug 8, 2015 08:09 GMT

The Internet Engineering Task Force (IETF), which is currently working on an experimental new DNS-related protocol called DANE, is now looking into the possibility of hiding email addresses in DNS records.

DANE, or DNS-Based Authentication of Named Entities, is a new protocol that was originally developed to allow TLS/SSL certificates to be bound to DNS records using DNSSEC (Domain Name System Security Extensions).

When it was introduced, DANE was supposed to help browsers verify whether a TLS/SSL certificate had a valid CA (Certificate Authority) by checking a special field in the DNS record.

The protocol, still highly experimental and under heavy development by the IETF, seems to be adding an extra privacy feature that would allow domain registrars to hide their email addresses.

As The Register reports, the IETF working group has decided to add this feature to the DANE protocol working draft, meaning that, in the near future, email addresses will appear in hashed form when DNS records are queried.

This reduces the chances of domain hijacking by not supplying the attacker with an email address in clear text.

The hashed email can still be cracked to reveal the real address, but if the attacker doesn't have the skills for it, taking over a domain will be much harder.