diff --git a/DANE-for-SMTP-how-to.md b/DANE-for-SMTP-how-to.md
index 9e48b67..e26925d 100644
--- a/DANE-for-SMTP-how-to.md
+++ b/DANE-for-SMTP-how-to.md
@@ -371,6 +371,8 @@ Name servers: enter here your resolving nameservers.
 DNS cache: Enable (now the DNSSEC option is visible)
 DNSSEC: Enable
 
+![](images/halon-dnssec.png)
+
 If you have multiple hosts in a cluster, edit the DNS settings for all the hosts.
 
 ## Inbound
@@ -381,6 +383,8 @@ If you already have an inbound SMTP listener configured, you should upgrade this
 - STARTTLS: Enable
 - Certificate: Select the certificate you want to use from the dropdown menu. 
 
+![](images/halon-inbound.png)
+
 ## Outbound
 There a multiple ways to enable outbound DANE: through a Transport Label or scripting.
 
@@ -392,6 +396,8 @@ Select the transport labels ID if you want to upgrade an existing one, otherwise
 - Destination hostname and port: Select Deliver to MX.
 - TLS STARTTLS: Select "DANE" or "DANE (required)" in the dropdown menu.
 
+![](images/halon-outbound.png)
+
 Notice: with "DANE (required)" there is no fallback to TLS or none option.
 
 If you created a new "Transport Label" use that one in a Script mapping as Transport to use the DANE enabled delivery.
diff --git a/images/halon-dnssec.png b/images/halon-dnssec.png
new file mode 100644
index 0000000..29fd0ac
Binary files /dev/null and b/images/halon-dnssec.png differ
diff --git a/images/halon-inbound.png b/images/halon-inbound.png
new file mode 100644
index 0000000..4f5455a
Binary files /dev/null and b/images/halon-inbound.png differ
diff --git a/images/halon-outbound.png b/images/halon-outbound.png
new file mode 100644
index 0000000..1a7d2a1
Binary files /dev/null and b/images/halon-outbound.png differ