MTA-STS (Mail Transfer Agent Strict Transport Security) is a new standard (defined in RFC 8461) that aims to improve the security of SMTP by letting domains opt into a mode that requires encrypted (TLS) connections to mail servers that authenticate with valid public certificates.

MTA-STS forces a TLS connection, which prevents an attacker from suppressing the STARTTLS upgrade. It also defines what the MX records for a domain should be, which prevents a malicious party from intercepting DNS queries to redirect mail to another MX host.

Much like HSTS makes TLS mandatory when using HTTP, MTA-STS makes encryption mandatory in SMTP.

Google and Microsoft both support MTA-STS and TLS-RPT. In fact, the RFC was co-authored by several Googlers.
