Stop man-in-the-middle attacks

Prevent email tampering and secure your inbound emails with OnDMARC's MTA-STS feature.


What is MTA-STS?

Mail Transfer Agent Strict Transport Security (MTA-STS) is a standard that enables the encryption of messages sent between two mail servers. It tells sending servers that emails can only be sent over a Transport Layer Security (TLS) encrypted connection, which prevents emails from being intercepted by cybercriminals.


Why do you need MTA-STS?

The Simple Mail Transfer Protocol (SMTP) alone does not provide security, making it vulnerable to malicious attacks such as man-in-the-middle attacks. A man-in-the-middle attack is one where communication between two servers is intercepted and possibly changed without detection by the recipient.

In addition, encryption is optional in SMTP, which means that emails can be sent in plaintext. If a plaintext email is intercepted in transit, it can easily be read and manipulated. Without MTA-STS, an attacker can intercept the communication and force the sending service to send the message in plaintext. With MTA-STS enabled, a TLS connection is required, which ensures encryption and keeps your emails private.

How does OnDMARC help me deploy MTA-STS?

OnDMARC's Dynamic Services interface simplifies the management of the MTA-STS configuration in three simple steps:


Simply add Smart Records to your DNS

Once the MTA-STS records have been added to your DNS, we host the MTA-STS policy file and maintain the SSL certificate, and flag any policy violation through the TLS report.


Monitor TLS reports for successes and failures

Use OnDMARC’s TLS Reports to gain clear insight into the volume of emails received over a given period and how many of them were recorded as successes or failures for your domain. This insight allows you to identify and fix the issues within your mail server and ensure your inbound mail is not being blocked.


Progress to MTA-STS enforce mode to fully secure your mail

Once you have remedied any errors that OnDMARC uncovers, you can safely progress to full MTA-STS enforce mode to secure your inbound mail. OnDMARC makes the deployment of this protocol fast, simple and secure.
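The difference between monitoring and enforce mode can be seen from the sending server's side. The following is an added example, not OnDMARC's code: it assumes the policy file format and modes (`enforce`, `testing`, `none`) defined in RFC 8461, and the policy text and host names are constructed sample data.

```python
# Added example: sender-side MTA-STS checks following RFC 8461.
# The policy text and host names are constructed sample data.
SAMPLE_POLICY = """version: STSv1
mode: testing
mx: mail.example.com
mx: *.mx.example.com
max_age: 86400
"""

def parse_policy(text):
    """Parse the key/value policy file a domain publishes over HTTPS."""
    policy = {"mx": []}
    for line in text.splitlines():
        if ":" not in line:
            continue
        key, value = (part.strip() for part in line.split(":", 1))
        if key == "mx":
            policy["mx"].append(value.lower())
        else:
            policy[key] = value
    if policy.get("version") != "STSv1":
        raise ValueError("missing or unsupported version")
    if policy.get("mode") not in ("enforce", "testing", "none"):
        raise ValueError("invalid mode")
    if policy["mode"] != "none" and not policy["mx"]:
        raise ValueError("no mx patterns listed")
    # max_age is required (seconds); int("") raises ValueError if absent
    policy["max_age"] = int(policy.get("max_age", ""))
    return policy

def mx_matches(host, pattern):
    """A leading '*.' wildcard stands for exactly one left-most label."""
    host = host.lower().rstrip(".")
    if pattern.startswith("*."):
        _first, _, rest = host.partition(".")
        return rest == pattern[2:]
    return host == pattern

def delivery_decision(policy, mx_host, tls_validated):
    """Return (deliver, report_failure) for one candidate MX host.
    tls_validated: STARTTLS succeeded with a certificate valid for mx_host."""
    if policy["mode"] == "none":
        return True, False
    ok = tls_validated and any(mx_matches(mx_host, p) for p in policy["mx"])
    if ok:
        return True, False
    # testing: deliver anyway but report the failure; enforce: refuse this host
    return policy["mode"] == "testing", True
```

In `testing` mode a stripped STARTTLS or a bad certificate only produces a TLS report entry; the same failure under `enforce` stops delivery to that host, which is why failures should be fixed before switching modes.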



Put an end to configuration errors

Once you have added OnDMARC's Smart Records to your DNS, there's no need to go back to your DNS to update your records, as they can now be managed via the MTA-STS interface instead, saving you time and preventing manual configuration errors.


Avoid complicated deployments

Forget deployment complexities: we do all the hard work for you, such as hosting the MTA-STS policy file, maintaining the SSL certificate, and flagging any policy violation through the TLS report.


Benefit from easy-to-understand reports

OnDMARC's TLS Reports provide granular insight into a specific domain's success or failure, such as a missing or expired certificate. This tells you exactly what needs fixing in order for you to progress to MTA-STS enforce mode.


Take advantage of robust email security

Together, DMARC and MTA-STS provide solid business email protection by blocking exact domain impersonation and man-in-the-middle attacks, two of the greatest challenges that businesses need to protect their emails from.