Introducing hosted MTA-STS

Today we are proud to introduce MTA-STS support and Mailhardener hosted MTA-STS as part of our email hardening suite.

With Mailhardener hosted MTA-STS you can enable MTA-STS for your domain with just a few DNS settings. Once enabled, you can monitor traffic and adjust your MTA-STS policy directly from your Mailhardener dashboard.

What is MTA-STS?

Mail Transfer Agent Strict Transport Security (MTA-STS) is the latest email security standard for secure delivery of email to your domain. With MTA-STS you can require senders to deliver email to your domain only over a secure (TLS encrypted) connection.

MTA-STS mitigates DNS Man-In-The-Middle attacks and SMTP downgrade attacks that would allow an attacker to read or manipulate email in transit. These attacks are known to be used by governments and internet service providers.

Read more about MTA-STS in our in-depth knowledge base article.

TLS reporting

Because MTA-STS can enforce email delivery over a secure connection, it becomes important to know whether senders are experiencing problems that would prevent them from delivering email to your domain. TLS reporting (TLS-RPT) is a reporting system used in conjunction with MTA-STS; it allows you to detect and respond to issues with email delivery to your domain.

TLS reporting is now fully integrated into the Mailhardener suite. You can monitor TLS activity for your domain from the Mailhardener dashboard.

Example of a TLS report breakdown in Mailhardener dashboard

Mailhardener hosted MTA-STS

Adopting MTA-STS would normally be a bit more involved than systems like DKIM or DMARC, as it requires a web server with a valid certificate as well as a couple of DNS records. The certificate would also need periodic renewal.

To improve this experience, we are now the first to offer hosted MTA-STS as part of the Mailhardener suite. With hosted MTA-STS we take care of hosting and maintaining the web server and certificate.

Mailhardener hosted MTA-STS makes adoption of MTA-STS as easy as setting a couple of DNS records. MTA-STS policy changes can be made easily and instantly through the Mailhardener dashboard, with no further DNS changes required. Mailhardener hosted MTA-STS is fully compliant with all the relevant RFCs and supports the latest TLS standards and best practices.

MTA-STS policy can be changed instantly from Mailhardener dashboard

Who can use MTA-STS?

MTA-STS is usable with every email system, whether cloud hosted or on premise, as long as the server supports TLS (the STARTTLS command). TLS is supported by every cloud email service.

Self hosted MTA-STS

If you prefer to host MTA-STS yourself, you can still use Mailhardener to aggregate and process the TLS-RPT reports. Mailhardener will also monitor your MTA-STS policy server for changes or problems.

Available immediately

We are very excited to be able to offer the latest email security features to our customers. By making these security features accessible and easy to use, we hope to accelerate the worldwide adoption of MTA-STS.

Mailhardener hosted MTA-STS is available immediately for all Mailhardener customers.


With Mailhardener you can configure, validate and monitor your domain for all aspects of email security. Mailhardener is free to evaluate for a single domain.