What is MTA-STS?

Learn about MTA-STS, a protocol to help secure your inbound messages and block man-in-the-middle attacks

Written by Faisal Misle
Updated over a week ago

Mail Transfer Agent Strict Transport Security (MTA-STS) is a standard that enables the encryption of messages being sent between two mail servers. It tells sending servers that email for the domain may only be delivered over a Transport Layer Security (TLS) encrypted connection, which prevents messages in transit from being intercepted by cybercriminals.

The standard (defined in RFC 8461) aims to improve the security of the SMTP protocol by enabling domains to opt into a mode that requires authentication with valid public certificates and encryption (TLS).

MTA-STS forces a TLS connection, preventing a downgrade attack that strips the STARTTLS upgrade, and defines what the MX records for a domain should be, so that an attacker who intercepts DNS queries cannot redirect mail to a different MX host.

Much like HSTS makes TLS mandatory when using HTTP, MTA-STS makes encryption mandatory in SMTP.
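To make the two mechanisms above concrete (the published policy, and the sending side's check of the MX host and TLS result against it), here is an added example that is not part of this article: a small parser for the MTA-STS DNS record and policy file as laid out in RFC 8461, plus the delivery decision a sending server makes in enforce mode. The domain, hostnames and policy id are constructed placeholders, not real infrastructure.

```python
"""Added example (not from the article): parse an MTA-STS TXT record and policy
file per RFC 8461, then decide whether a sender may deliver to a given MX host.
All sample inputs below are constructed; example.com hosts are placeholders."""

# Constructed sample of the TXT record published at _mta-sts.example.com
SAMPLE_TXT_RECORD = "v=STSv1; id=20240101T000000;"

# Constructed sample of https://mta-sts.example.com/.well-known/mta-sts.txt
SAMPLE_POLICY = """version: STSv1
mode: enforce
mx: mail1.example.com
mx: *.mx.example.com
max_age: 604800
"""


def parse_sts_txt_record(record: str) -> dict:
    """Parse the '_mta-sts' TXT record into a dict; requires v=STSv1 and an id.
    The id changes whenever the policy file changes, so senders know to refetch."""
    fields = {}
    for part in record.split(";"):
        part = part.strip()
        if not part:
            continue
        key, _, value = part.partition("=")
        fields[key.strip()] = value.strip()
    if fields.get("v") != "STSv1" or not fields.get("id"):
        raise ValueError("not a valid MTA-STS TXT record")
    return fields


def parse_sts_policy(text: str) -> dict:
    """Parse the policy file into {'version', 'mode', 'max_age', 'mx': [...]}."""
    policy = {"mx": []}
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        key, sep, value = line.partition(":")
        if not sep:
            raise ValueError(f"malformed policy line: {line!r}")
        key, value = key.strip(), value.strip()
        if key == "mx":
            policy["mx"].append(value.lower())
        else:
            policy[key] = value
    # Required fields and allowed values per RFC 8461
    if policy.get("version") != "STSv1":
        raise ValueError("unsupported policy version")
    if policy.get("mode") not in ("enforce", "testing", "none"):
        raise ValueError("invalid mode")
    policy["max_age"] = int(policy.get("max_age", "0"))
    if policy["mode"] != "none" and not policy["mx"]:
        raise ValueError("enforce/testing policy must list at least one mx")
    return policy


def mx_matches_policy(mx_host: str, policy: dict) -> bool:
    """True if the MX hostname matches an 'mx' entry. A leading '*.' matches
    exactly one DNS label (RFC 8461), so it does not cover deeper subdomains."""
    host = mx_host.lower().rstrip(".")
    for pattern in policy["mx"]:
        if pattern.startswith("*."):
            suffix = pattern[1:]  # e.g. ".mx.example.com"
            if host.endswith(suffix) and "." not in host[: -len(suffix)]:
                return True
        elif host == pattern:
            return True
    return False


def should_deliver(mx_host: str, tls_ok: bool, policy: dict) -> bool:
    """Sending-side decision. In enforce mode, delivery is refused unless the
    MX host is allowed by the policy AND TLS with a valid certificate succeeded.
    In testing/none mode the message is delivered regardless (testing mode only
    reports failures via TLS-RPT)."""
    if policy["mode"] != "enforce":
        return True
    return mx_matches_policy(mx_host, policy) and tls_ok


if __name__ == "__main__":
    record = parse_sts_txt_record(SAMPLE_TXT_RECORD)
    policy = parse_sts_policy(SAMPLE_POLICY)
    print("policy id:", record["id"], "mode:", policy["mode"])
    for host, tls in [("mail1.example.com", True),
                      ("mail1.example.com", False),
                      ("a.mx.example.com", True),
                      ("b.a.mx.example.com", True),
                      ("attacker-mx.example.net", True)]:
        print(f"{host:28} tls={tls!s:5} deliver={should_deliver(host, tls, policy)}")
```

The two refusals are the attacks the article describes: a redirected MX host fails `mx_matches_policy` even when it offers TLS, and the legitimate host fails when STARTTLS has been stripped or the certificate does not validate (`tls_ok=False`). A real sender would also cache the policy for `max_age` seconds and refetch when the TXT record's `id` changes.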

Google and Microsoft both support MTA-STS and SMTP TLS Reporting (TLS-RPT). In fact, the RFC was co-authored by several Googlers.

