Mail Transfer Agent Strict Transport Security (MTA-STS) is a standard that enables the encryption of messages being sent between two mail servers. It specifies to sending servers that emails can only be sent over a Transport Layer Security (TLS) encrypted connection which prevents emails from being intercepted by cybercriminals.
The Simple Mail Transfer Protocol (SMTP) alone does not provide security, making it vulnerable to malicious attacks such as man-in-the-middle attacks. A man-in-the-middle is an attack where communication between two servers is intercepted and possibly changed without detection by the recipient.
In addition, encryption is optional in SMTP, which means that emails can be sent in plaintext. If a plaintext email was intercepted in transit, it could easily be read and manipulated. Without MTA-STS, an attacker can intercept the communication and force the sending service to send the message in plain text. By enabling MTA-STS, a TLS connection is required which ensures encryption and keeps your emails private.
OnDMARC's Dynamic Services interface simplifies the management of the MTA-STS configuration in three simple steps:
Once the MTA-STS records have been added to your DNS, we host the MTA-STS policy file and maintain the SSL certificate, and flag any policy violation through the TLS report.
Use OnDMARC’s TLS Reports to gain clear insight into the volume of emails received over a given period and how many of them have experienced domain successes and failures. This insight allows you to identify and fix the issues within your mail server and ensure your inbound mail is not being blocked.
Once you have remedied any errors that OnDMARC uncovers, you can safely progress to full MTA-STS enforce mode to secure your inbound mail. OnDMARC makes the deployment of this protocol fast, simple and secure.
Once you have added OnDMARC's Smart Records to your DNS, there's no need to go back to it to update your records as they can now be managed via the MTA-STS interface instead, saving you time and preventing manual configuration errors.
Forget deployment complexities - we do all the hard work for you such as hosting the MTA-STS policy file and maintaining the SSL certificate and flagging any policy violation through the TLS report.
OnDMARC's TLS Reports provide granular insight into a specific domain's success or failure, such as a missing or expired certificate. This tells you exactly what needs fixing in order for you to progress to an MTA-STS enforce mode.
Together, DMARC and MTA-STS provide solid business email protection by blocking exact domain impersonation and man-in-the-middle attacks, two of the greatest challenges that businesses need to protect their emails from.
Protect your emails from phishing attacks and data tampering with MTA‑STS
