Today we are proud to introduce MTA-STS support and Mailhardener hosted MTA-STS as part of our email hardening suite.
With Mailhardener hosted MTA-STS you can enable MTA-STS for your domain with just a few DNS settings. Once enabled, you can monitor traffic and adjust your MTA-STS policy directly from your Mailhardener dashboard.
Mail Transfer Agent Strict Transport Security (MTA-STS) is the latest email security standard for secure delivery of email to your domain. With MTA-STS you can enforce senders to only deliver email to your domain using a secure (TLS encrypted) connection.
MTA-STS mitigates DNS Man-In-The-Middle attacks and SMTP downgrade attacks that would allow an attacker to read or manipulate email in transit. These attacks are known to be used by governments and internet service providers.
With the MTA-STS's ability to enforce email delivery over a secure connection, it becomes important to know if those senders are experiencing problems that would prevent them from delivering email to your domain. TLS reporting (TLS-RPT) is a reporting system used in conjunction with MTA-STS, it allows you to detect and respond to email delivery issues to your domain.
TLS reporting is now fully integrated into the Mailhardener suite. You can monitor TLS activity for your domain from the Mailhardener dashboard.
Adopting MTA-STS would normally be a bit more involved than systems like DKIM or DMARC, as it requires a web server with a valid certificate as well as a couple of DNS records. The certificate would also need period renewal.
To improve this experience, we are now the first to offer hosted MTA-STS as part of the Mailhardener suite. With hosted MTA-STS we take care of hosting and maintaining the web server and certificate.
Mailhardener hosted MTA-STS makes adoption of MTA-STS as easy as setting a couple of DNS records. MTA-STS policy changes can be made easily and instantly through the Mailhardener dashboard, no further DNS changes required. Mailhardener hosted MTA-STS is fully compliant with all the relevant RFCs and supports the latest TLS standards and best practices.
MTA-STS is usable for every email system, whether it being cloud hosted, or on premise, as long as the server supports TLS (the
TLS is supported by every cloud email service.
If you prefer to host MTA-STS yourself, you can still use Mailhardener to aggregate and process the TLS-RPT reports. Mailhardener will also monitor your MTA-STS policy server for changes or problems.
We are very excited to be able to offer the latest email security features to our customers. By making these security features accessible and easy to use, we hope to accelerate worldwide the adoption of MTA-STS.
Mailhardener hosted MTA-STS is available immediately for all Mailhardener customers.