Introducing hosted MTA-STS

Today we are proud to introduce MTA-STS support, SMTP TLS reporting support and Mailhardener hosted MTA-STS as part of our email hardening suite.

With Mailhardener hosted MTA-STS you can enable MTA-STS for your domain with just a few DNS settings. Once enabled, you can monitor traffic and adjust your MTA-STS policy directly from your Mailhardener dashboard.

What is MTA-STS?

Mail Transfer Agent Strict Transport Security (MTA-STS) is the latest email security standard for secure delivery of email to your domain. With MTA-STS you can enforce senders to only deliver email to your domain using a secure (TLS encrypted) connection.

MTA-STS mitigates DNS Man-In-The-Middle attacks and SMTP downgrade attacks that would allow an attacker to read or manipulate email in transit. These attacks are known to be used by governments and internet service providers.

Read more about MTA-STS in our in-depth knowledge base article.

Mailhardener hosted MTA-STS

Adopting MTA-STS would normally be a bit more involved than systems like DKIM or DMARC, as it requires a web server with a valid certificate as well as a couple of DNS records. The certificate would also require periodic renewal.

To improve this experience, we are now the first to offer hosted MTA-STS as part of the Mailhardener suite. With hosted MTA-STS we take care of hosting and maintaining the web server and certificate.

Mailhardener hosted MTA-STS makes adoption of MTA-STS as easy as setting a couple of DNS records. MTA-STS policy changes can be made easily and instantly through the Mailhardener dashboard, no further DNS changes required. Mailhardener hosted MTA-STS is fully compliant with all the relevant RFCs and supports the latest TLS standards and best practices.

screenshot showing MTA-STS policy selection in the Mailhardener dashboard
MTA-STS policy can be changed instantly from the Mailhardener dashboard

SMTP TLS reporting

With the MTA-STS ability to enforce email delivery over a secure connection, it becomes important to know if those senders are experiencing problems that would prevent them from delivering email to your domain. SMTP TLS reporting is a reporting system used in conjunction with MTA-STS, it allows you to detect and respond to email delivery issues to your domain.

Read more about SMTP TLS reporting in our in-depth knowledge base article.

SMTP TLS reporting is now fully integrated into the Mailhardener suite. You can monitor TLS activity for your domain from the Mailhardener dashboard.

screenshot showing a TLS report breakdown in the Mailhardener dashboard
Example of a TLS report breakdown in the Mailhardener dashboard

Who can use MTA-STS?

MTA-STS is usable for every email system, whether it being cloud hosted, or on premise, as long as the SMTP service supports TLS (the STARTTLS command). TLS is supported by every cloud email service.

Self-hosted MTA-STS

If you prefer to host MTA-STS yourself, you can still use Mailhardener to aggregate and process SMTP TLS reports. Mailhardener will also monitor your MTA-STS policy service for changes or problems.

Available immediately

We are very excited to be able to offer the latest email hardening features to our customers. By making these hardening features accessible and easy to use, we hope to accelerate the adoption rate of MTA-STS.

Mailhardener hosted MTA-STS is available immediately for all Mailhardener customers.

Further reading

With Mailhardener you can configure, validate and monitor your domain for all aspects of email security. Mailhardener is free to evaluate for a single domain.
Sign up now