With DANE the domain administrators can specify the keys for TLS servers or clients in their domain. With this feature, you do not depend on third-party certificates that attest the legitimacy of the keys. Zivver does tests for a TLSA reclord and of DNSSEC proof

If you configure DANE correctly for your domain, delivery of verified and encrypted SMTP becomes possible. You can then choose that Zivver directly deliver inbound Zivver messages to your organization.