I’d like to suggest that Enhance adds native support for DANE (DNS-based Authentication of Named Entities) for email services. DANE is becoming increasingly important to ensure secure SMTP connections and to prevent downgrade or man-in-the-middle attacks, especially on servers that already use DNSSEC.
The idea would be to allow the platform to automatically generate and manage TLSA records for mail ports (25, 465, and 587), based on the active SSL certificate. It would also be helpful to have an option in the panel (or via API) to update these records whenever the certificate is renewed or replaced.
Additionally, it would be great to show a visual indicator in the DNS section of each domain, confirming whether the current TLSA record matches the active certificate — just like Enhance already does with DKIM.
This would be a valuable feature for anyone offering professional hosting services or working with public institutions where email security and trust are critical. Platforms like Plesk already offer this type of integration, and it would make perfect sense to see it implemented in Enhance as well.
