As you will well know spam - unsolicited emails - are a big problem for everyone who uses email. Related to spam are fake emails where the sender details are faked.
Kerio Connect supports some features to help in both cases such as a spam filter, black lists, and support for SPF - Sender Policy Framework. Kerio Connect also has some support for DKIM - Domain Keys.
However Kerio Connect does not support DNSSEC. Whilst SPF and DKIM help in ensuring emails for a domain are only sent from a mail server authorised to send for that domain they do nothing to prevent a spammer from faking the DNS record and thereby also being able to send from someone else's domain.
This is what DNSSEC helps do in that it helps prevent faking DNS entries.
DNSSEC is supported by the major email providers e.g. Google, Yahoo, Microsoft and the major ecommerce sites. I strongly urge Kerio to catch up and support this in full.
Note: Merely adding a DNS record is not sufficient, the mail server needs to check emails.