1 min read

What is MTA-STS

What is MTA-STS

Increase email security by turning on MTA Strict Transport Security (MTA-STS) for your domain. MTA-STS improves email security by requiring authentication checks and encryption for email sent to your domain. Use Transport Layer Security (TLS) reporting to get information about external server connections to your domain.

Like all mail providers, email uses Simple Mail Transfer Protocol (SMTP) to send and receive messages. SMTP alone does not provide security, and many SMTP servers don’t have added security to prevent malicious attacks.

For example, SMTP is vulnerable to man-in-the-middle attacks. Man-in-the-middle is an attack where communication between two servers is intercepted and possibly changed without detection. Using MTA-STS to secure mail server connections helps prevent these types of attacks.

Learn more about MTA-STS (RFC 8461) and TLS Reporting (RFC 8460)

MTA-STS email security

SMTP connections for email are more secure when the sending server supports MTA-STS and the receiving server has an MTA-STS policy in enforced mode.

Receiving mail: When you turn on MTA-STS for your domain, you request external mail servers to send messages to your domain only when the SMTP connection is both:

  • Authenticated with a valid public certificate
  • Encrypted with TLS 1.2 or higher

Mail servers that support MTA-STS will send messages to your domain only over connections that have both authentication and encryption.

Sending mail: Email messages from your domain comply with MTA-STS when sent to external servers with an MTA-STS policy in enforced mode.

TLS reporting

When you turn on TLS reporting, you request daily reports from external mail servers that connect to your domain. The reports have information about any connection problems the external servers find when sending mail to your domain. Use report data to identify and fix security issues with your mail server.

What is 5Ghoul

What is 5Ghoul

5Ghoul is a new attack vector with 10 security defects that can be exploited to drop and freeze 5G connections on smartphones and routers and to...

Read More
What is DNSSEC

What is DNSSEC

DNSby itself is not secure DNSwas designed in the 1980s when the Internet was much smaller, and security was not a primary consideration in its...

Read More
What is BIMI

What is BIMI

Brand Indicators for Message Identification (BIMI) is an email standard that lets you add a brand logo to authenticated messages sent from your...

Read More