At the most basic level, MTA-STS, or Mail Transfer Agent-Strict Transport Security, is a standard (RFC 8461) that lets a receiving mail domain require that mail sent to it travels over authenticated TLS. It helps to protect emails in transit from being intercepted, read and changed. It does not by itself prevent email spoofing; that is the job of SPF, DKIM and DMARC. Google rolled out MTA-STS support for Gmail in 2019 and, as a result, it is becoming more widely adopted across email providers. Where a tech giant such as Google leads, many others tend to follow.
In short, MTA-STS is a technical control that keeps your email in transit safe from malicious entities, whether these are data harvesters, ransomware operators or identity scammers. PlatOps can provide fully-specced Mail Transfer Agent-Strict Transport Security hosting and analytics services which will keep your email traffic safe and secure.
The basic Simple Mail Transfer Protocol (SMTP) dates from 1982 and has been the primary method for delivering email around the world ever since. It included no transport security at all until 1999, when the STARTTLS extension was introduced, allowing the connection between two mail servers to be encrypted. Note that this encrypts the connection, not the message itself: each server along the path still handles the email in the clear.
STARTTLS made it possible to upgrade a plaintext connection into an encrypted one using the TLS protocol. It was an improvement on what came before, but it left problems that still needed to be addressed.
It has been widely acknowledged that STARTTLS was an improvement, but that more was needed to make encryption between mail servers dependable. The major failing of STARTTLS is that it is opportunistic: TLS is offered, not required, and a sending server that cannot negotiate it simply delivers the message in plaintext rather than failing.
If one side supports STARTTLS and the other does not, or merely appears not to, the message goes over the wire unencrypted. This makes the connection vulnerable to man-in-the-middle attacks, which we describe below: an attacker on the path can strip the STARTTLS capability from the receiving server's EHLO response and the sender will carry on in plaintext. STARTTLS also gives the sender no reliable way to verify the identity of the receiving server. Certificates are exchanged in the TLS handshake, but because a validation failure would otherwise mean no delivery at all, sending servers have traditionally accepted self-signed, expired or mismatched certificates, and the MX hostname they connect to comes from an unauthenticated DNS lookup that an attacker can also tamper with.
MTA-STS was introduced in order to clamp down on such man-in-the-middle (MITM) attacks, where an attacker intercepts an email en route between two mail servers and reads or changes the message content being sent.
This remained a point of vulnerability even after TLS support became standard in commercial and consumer-grade mail servers, because supporting TLS does nothing to stop a downgrade to plaintext or a connection to an impostor server. That gap is why MTA-STS was needed and why it has been rolled out across the internet.
MTA-STS provides a mechanism for a receiving domain to declare, via a DNS TXT record at _mta-sts.<domain> and a policy file served over HTTPS at https://mta-sts.<domain>/.well-known/mta-sts.txt, that its SMTP servers support Mail Transfer Agent-Strict Transport Security. The policy file states the mode (enforce, testing or none), the MX hostnames that are allowed to receive mail for the domain, and how long the policy may be cached (max_age). It does not list TLS versions, ciphers or individual trusted certificates: the standard itself requires TLS 1.2 or later and a certificate that chains to a trusted root CA and matches the MX hostname. This adds a layer of security above the connection handshake and lets the receiving domain specify the exact circumstances in which it is considered "safe" to deliver an email to it.
MTA-STS works by the sending MTA fetching and checking the receiving domain's policy before sending any email. The TXT record carries only a version and a policy id, so the sender refetches the HTTPS policy only when the id changes or its cached copy expires. If the policy is in enforce mode and the connection cannot meet it, because STARTTLS is not offered or fails, the certificate does not validate, or the MX is not one listed in the policy, the sender does not deliver over that connection: it tries another listed MX or queues the message and retries later. In testing mode the message is delivered anyway, and the failure is reported to the domain owner if it has published a TLS-RPT (RFC 8460) reporting address.
By requiring that all email be sent over an authenticated TLS connection, MTA-STS helps to ensure that email in transit cannot be intercepted and read by third parties. And by pinning the set of legitimate MX hosts and requiring their certificates to validate, it prevents an attacker from downgrading the connection to plaintext or redirecting it to a server of their own.
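As an added example (not code from this page, nor PlatOps's own software), the following Python simulates the sender-side checks described above on constructed data. It parses a constructed _mta-sts TXT record and policy file for the fictional domain example.com, applies the RFC 8461 MX wildcard rule, shows what a STARTTLS-stripping attack looks like in the EHLO response, and returns the delivery decision under enforce versus testing mode. The record contents, hostnames, EHLO lines and the tls_ok / cert_valid_for_mx inputs (which a real MTA would obtain from its DNS, HTTPS and TLS libraries) are all constructed assumptions.

```python
"""Sender-side MTA-STS policy evaluation, modelled on RFC 8461 (added example)."""
from dataclasses import dataclass
from typing import Optional

# Constructed sample data for the fictional domain example.com (not real DNS or HTTPS content).
TXT_RECORD = "v=STSv1; id=20240115T120000;"  # TXT record at _mta-sts.example.com
POLICY_FILE = (                               # https://mta-sts.example.com/.well-known/mta-sts.txt
    "version: STSv1\r\n"
    "mode: enforce\r\n"
    "mx: mail.example.com\r\n"
    "mx: *.mx.example.net\r\n"
    "max_age: 604800\r\n"
)
# Constructed EHLO replies: from the genuine server, and as seen when an on-path
# attacker strips the STARTTLS capability line.
EHLO_GENUINE = ["250-mail.example.com", "250-SIZE 52428800", "250-STARTTLS", "250 8BITMIME"]
EHLO_STRIPPED = ["250-mail.example.com", "250-SIZE 52428800", "250 8BITMIME"]


def parse_txt_record(txt: str) -> dict:
    """Parse 'v=STSv1; id=...' into its fields; return {} if not a valid STSv1 record.
    The id tells the sender whether its cached policy is stale and must be refetched."""
    fields = {}
    for part in txt.split(";"):
        part = part.strip()
        if not part:
            continue
        key, sep, value = part.partition("=")
        if not sep:
            return {}
        fields[key.strip()] = value.strip()
    if fields.get("v") != "STSv1" or not fields.get("id"):
        return {}
    return fields


@dataclass
class Policy:
    mode: str      # "enforce", "testing" or "none"
    mx: list       # allowed MX hostname patterns
    max_age: int   # seconds the policy may be cached


def parse_policy(text: str) -> Optional[Policy]:
    """Parse the HTTPS-served policy file; return None if it is malformed."""
    version = mode = max_age = None
    mx = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        key, sep, value = line.partition(":")
        if not sep:
            return None
        key, value = key.strip(), value.strip()
        if key == "version":
            version = value
        elif key == "mode":
            mode = value
        elif key == "mx":
            mx.append(value.lower())
        elif key == "max_age":
            if not value.isdigit():
                return None
            max_age = int(value)
        # any other key is an extension field and is ignored
    if version != "STSv1" or mode not in ("enforce", "testing", "none") or max_age is None:
        return None
    if mode != "none" and not mx:
        return None
    return Policy(mode, mx, max_age)


def mx_matches(pattern: str, hostname: str) -> bool:
    """RFC 8461 MX matching: exact match, or a '*.' wildcard covering exactly one leftmost label
    ('*.mx.example.net' matches 'mx1.mx.example.net', not 'a.b.mx.example.net' or 'mx.example.net')."""
    pattern = pattern.lower().rstrip(".")
    hostname = hostname.lower().rstrip(".")
    if pattern.startswith("*."):
        suffix = pattern[1:]                   # ".mx.example.net"
        if not hostname.endswith(suffix):
            return False
        leftmost = hostname[:-len(suffix)]
        return bool(leftmost) and "." not in leftmost
    return pattern == hostname


def starttls_offered(ehlo_response: list) -> bool:
    """True if the EHLO reply advertises STARTTLS. An opportunistic sender seeing False just
    continues in plaintext; an MTA-STS enforcing sender must treat it as a failure."""
    return any(line[4:].strip().upper() == "STARTTLS" for line in ehlo_response)


def delivery_decision(policy: Policy, mx_host: str, tls_ok: bool, cert_valid_for_mx: bool) -> str:
    """Decide what the sending MTA does with one MX candidate under the policy.
    tls_ok: STARTTLS was offered and a TLS 1.2+ handshake completed.
    cert_valid_for_mx: the certificate chains to a trusted root CA and matches mx_host.
    Returns 'send', 'send-and-report' (testing: deliver but report via TLS-RPT) or
    'skip' (enforce: try another listed MX or queue and retry; never fall back to plaintext)."""
    compliant = tls_ok and cert_valid_for_mx and any(mx_matches(p, mx_host) for p in policy.mx)
    if policy.mode == "none" or compliant:
        return "send"
    if policy.mode == "testing":
        return "send-and-report"
    return "skip"


if __name__ == "__main__":
    policy = parse_policy(POLICY_FILE)
    print("TXT record:", parse_txt_record(TXT_RECORD))
    print("genuine EHLO offers STARTTLS:", starttls_offered(EHLO_GENUINE))
    print("stripped EHLO offers STARTTLS:", starttls_offered(EHLO_STRIPPED))
    print("enforce, valid TLS, listed MX:", delivery_decision(policy, "mail.example.com", True, True))
    print("enforce, STARTTLS stripped:", delivery_decision(policy, "mail.example.com", starttls_offered(EHLO_STRIPPED), False))
    print("enforce, unlisted MX:", delivery_decision(policy, "mx.attacker.example", True, True))
```

The point to notice is that the same stripped EHLO that an opportunistic STARTTLS sender would silently accept produces "skip" once the domain publishes an enforce-mode policy, and that an MX not listed in the policy is refused even when its TLS certificate is perfectly valid. Switching the constructed policy to testing mode turns those refusals into deliveries plus a report, which is how a domain owner finds misconfigured MX hosts before enforcing.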
PlatOps Security is a noted expert in this field and provides high-quality email security solutions including cost-effective MTA-STS hosting as well as analytics for clients in more than 14 countries around the globe.
Nothing is ever perfect. Just as SMTP gained STARTTLS and then MTA-STS on top of it, the continuing evolution of the internet means that at some point MTA-STS will itself be overhauled or replaced by a more efficient and robust successor. This is how the internet works, changing on the basis of evolution and obsolescence, and this is to be expected. For now, MTA-STS is the best widely supported solution we have to tackle the problems of email transport security.
If you are looking for the reassurance that reliable Mail Transfer Agent-Strict Transport Security analytic services can bring, industry leader PlatOps is an obvious choice. Working with global clients of varying sizes, PlatOps is well-positioned to provide expert help and advice to keep your email secure from cyber threats.
With PlatOps Security you can configure, validate and monitor your domain for all aspects of email security. Mailhardener is free to evaluate for a single domain.