What is MTA-STS?
Mail Transfer Agent Strict Transport Security – Explained
MTA-STS is a security standard that ensures the secure transmission of emails over an encrypted SMTP connection. The acronym MTA stands for Message Transfer Agent, which is a program that transfers email messages between computers. The acronym STS stands for Strict Transport Security, which is the protocol used to implement the standard. An MTA-STS-aware mail transfer agent (MTA) or secure message transfer agent (SMTA) operates in accordance with this specification and provides a secure end-to-end channel for sending email over unsecured networks.
The MTA-STS protocol allows an SMTP client to verify server identity and ensure that it is not connecting to an impostor by requiring the server to provide its certificate fingerprint in the TLS handshake. The client then verifies the certificate against a trust store containing certificates of known servers.
The History and Origin of MTA-STS
In the year 1982, SMTP was first specified and it did not contain any mechanism for providing security at the transport level to secure communications between the mail transfer agents. However, in 1999, the STARTTLS command was added to SMTP that in turn supported the encryption of emails between the servers, providing the ability to convert a non-secure connection into a secure one that is encrypted using TLS protocol.
In that case, you must be wondering if SMTP adopted STARTTLS to secure connections between servers, why was the shift to MTA-STS required, and what does it even do?
MTA-STS Deployment
MTA-STS protocol is deployed by having a DNS record that specifies that a mail server can fetch a policy file from a specific subdomain. This policy file is fetched via HTTPS and authenticated with certificates, along with the list of names of the recipient’s mail servers. Implementing MTA-STS is easier on the recipient’s side in comparison to the sending side as it requires to be supported by the mail server software. While some mail servers support MTA-STS, such as PostFix, not all do.
Who Support MTA-STS?
Major mail service providers such as Microsoft, Oath, and Google support MTA-STS. Google’s Gmail has already adopted MTA-STS policies in recent times. MTA-STS has removed the drawbacks in email connection security by making the process of securing connections easy and accessible for supported mail servers.
Connections from the users to the mail servers are usually protected and encrypted with TLS protocol, however, despite that there was an existing lack of security in the connections between mail servers before the implementation of MTA-STS. With a rise in awareness about email security in recent times and support from major mail providers worldwide, the majority of server connections are expected to be encrypted in the recent future. Moreover, MTA-STS effectively ensures that cybercriminals on the networks are unable to read email content.
What is SPF? Free2 m
Video Introduction to SPF Free1 m 41 s- A Brief History of SPF Free1 m
- How does SPF work? Free2 m
- SPF Tags: Syntax of an SPF Record Explained Free3 m
- How to create and publish SPF records? Free2 m
- SPF Authentication Failures Free3 m
- Video Explanation: SPF PermError Free1 m 39 s
Quiz 430 m
- What is DMARC? Free1 m
- Video Introduction to DMARC Free1 m 15 s
- A Brief History of DMARC Free1 m
- How does DMARC work? Free2 m
- What is DMARC Policy? : None, Quarantine & Reject Free2 m
- Video Explanation: DMARC Policy Free1 m 40 s
- DMARC Tags Free2 m
- DMARC Aggregate (RUA) Reports Free3 m
- DMARC Forensic (RUF) Reports Free2 m
- How to Create and Publish a DMARC Record? Free3 m
- DMARC Authentication Failures Free3 m
- Video Explanation: Why does DMARC Fail? Free1 m 37 s
- Quiz 630 m