What is MTA-STS and How Does It Protect Your Emails? – MakeUseOf

Email is the biggest culprit behind most cyberattacks. It is an easy access point for malware, adware, spam, and phishing, and provides infinite opportunities for threat actors to get hold of your personal information.

To mitigate these threats, stringent security measures should be in place for both individual and business email accounts.

Despite the popularity of other modes of communication, email messaging is still the largest form of data in transit for any individual or organization. Securing your email contents is a vital necessity.

Email security entails the inspection and encryption of all incoming and outgoing email traffic. Encryption plays a vital role in keeping the privacy of email contents intact by ensuring secure SMTP (Simple Mail Transfer Protocol) connections.

Until recently, encryption was only an optional requirement for SMTP.

Email encryption is a process of adding a cipher or piece of code to your message content, making it indecipherable. By converting email data into code, the contents are protected from unauthorized exposure. Simply put, your email is scrambled.

As an added security, the encryption process utilizes public and private keys where encrypted keys are exchanged to lock and unlock the coded emails. The sender encrypts the email using public-key cryptography and subsequently, the recipient uses a private key to decipher the received message.

Encryption is applied to the entire journey of an email, from start to finish. As a best practice, all inbound and outbound emails should be encrypted, not just the ones carrying sensitive information. This prevents the threat actors from gaining any entry point into your system.

When the SMTP protocol came into existence in 1982, email encryption was not a common practice, and by default, emails were sent and received in plain text. To introduce security at the transport level, the STARTTLS command was added in the late 1990s, which offered the encryption option through the TLS (Transport Layer Security) protocol.

As promising as the TLS upgrade sounded, it left two security loopholes intact:

In 2019, Google finally stepped up to the plate and announced the adoption of the new MTA-STS (Mail Transfer Agent/Strict Transport Security) standard (RFC 8461).

This gives the mail service providers the ability to impose TLS for securing SMTP connections and also offers the option to deny email delivery to MX hosts that do not offer TLS with a reliable server certificate.

MTA-STS finally takes care of all the previous issues with SMTP by enforcing encryption between the communicating SMTP servers. But how does it actually work? Let's find out!

MTA-STS goes to work by instructing an SMTP server to only communicate with another SMTP server on two conditions:

By using a combination of DNS and HTTPS to publish a policy, MTA-STS informs the sending party how to proceed if an encrypted channel of communication cannot be initiated.

It's easy to implement MTA-STS on the recipient's end, but for the sender, supporting mail server software such as ProtonMail should be used.
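To make the DNS-plus-HTTPS policy mechanism concrete, here is an added example (not from the original article) that parses the `_mta-sts` TXT record and the policy file in the RFC 8461 format and decides what a sending server should do for a given MX host. The function names, the decision labels and the sample domains are assumptions made for illustration.

```python
# Constructed sample data; example.com / example.net are placeholder domains.
SAMPLE_TXT = "v=STSv1; id=20240101000000Z;"
SAMPLE_POLICY = ("version: STSv1\r\nmode: enforce\r\nmx: mail.example.com\r\n"
                 "mx: *.mx.example.net\r\nmax_age: 604800\r\n")

def parse_txt_record(txt):
    """Return the policy id from a _mta-sts TXT record, or None if invalid."""
    pairs = (p.strip().split("=", 1) for p in txt.split(";") if "=" in p)
    fields = {k.strip(): v.strip() for k, v in pairs}
    if fields.get("v") != "STSv1" or not fields.get("id", "").isalnum():
        return None
    return fields["id"]

def parse_policy(body):
    """Parse the policy file fetched over HTTPS; raise ValueError if malformed."""
    policy = {"mx": []}
    for line in body.splitlines():
        key, sep, value = line.partition(":")
        if not sep:
            continue  # ignore blank or malformed lines
        if key.strip() == "mx":
            policy["mx"].append(value.strip().lower())
        else:
            policy[key.strip()] = value.strip()
    if policy.get("version") != "STSv1":
        raise ValueError("unsupported policy version")
    if policy.get("mode") not in ("enforce", "testing", "none"):
        raise ValueError("invalid mode")
    policy["max_age"] = int(policy.get("max_age", ""))  # ValueError if missing
    return policy

def mx_matches(host, pattern):
    """Exact match, or '*.' wildcard covering exactly one left-most label."""
    host = host.lower().rstrip(".")
    if pattern.startswith("*."):
        return host.partition(".")[2] == pattern[2:]
    return host == pattern

def delivery_decision(policy, mx_host, tls_cert_valid):
    """What a sending MTA does with this MX under the cached policy.
    tls_cert_valid: result of the STARTTLS handshake and certificate check."""
    ok = tls_cert_valid and any(mx_matches(mx_host, p) for p in policy["mx"])
    if policy["mode"] == "none" or ok:
        return "deliver"
    # enforce: do not deliver to this MX; testing: deliver but report via TLS-RPT
    return "refuse" if policy["mode"] == "enforce" else "deliver-and-report"
```

A change in the TXT record's `id` value is the signal for senders to re-fetch the policy file; until then they keep using the cached copy for up to `max_age` seconds.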


The following threats are met head-on if MTA-STS is applied to your email communications:

Man-In-The-Middle (MITM) Attacks: This attack is carried out when an attacker inserts themselves in the middle of communication between two parties to steal or alter data. In the case of an email, that would typically mean two communicating SMTP servers. By employing MTA-STS, these attacks can be easily prevented.

Downgrade Attacks: A threat actor forces a network channel to change to an insecure data transmission mode. As an example, this attack might redirect a website visitor from an HTTPS version of a site to an HTTP version. MTA-STS helps combat these attacks by preventing any unauthorized access.

DNS Spoofing Attacks: These cunning attacks change the DNS records of a user's intended destination and fool them into believing that they are visiting a legitimate site or domain. Implementing MTA-STS greatly helps in mitigating these attacks.


Now that we are familiar with the MTA-STS, it is time to touch base with a new reporting standard for SMTP known as TLS reporting.

Just like MTA-STS, TLS-RPT is a reporting standard that detects connectivity issues and discrepancies between sending applications. Once enabled, it sends daily reports regarding any connection problems experienced by external servers while sending you emails.

Think of it as a troubleshooting tool where the reports can be used to gauge and triage potential problems and configuration issues.

Diagnostic Reporting: TLS reporting offers diagnostic reports in JSON file format containing comprehensive details regarding any inbound emails facing delivery issues. It also detects emails that bounced or did not deliver due to a downgrade attack, for instance.

Improved Visibility: By enabling TLS-RPT, you can improve visibility on all your email channels. This allows you to keep an eye on all the data that is heading your way, which also includes failed messages.

Daily Reports: The diagnostic reports are sent at least once a day to cover and observe the MTA-STS policies in depth. The reports also include traffic statistics as well as detailed information on errors and failed deliveries.
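As an added example (not from the original article), the script below triages one such JSON report. The field names and result types follow RFC 8460, the TLS-RPT specification; the sample report, the `triage` function and the choice of which result types to alert on are constructed assumptions.

```python
import json
from collections import Counter

# Constructed sample report using the RFC 8460 JSON field names.
SAMPLE_REPORT = json.dumps({
    "organization-name": "Sender Example Inc.",
    "date-range": {"start-datetime": "2024-01-01T00:00:00Z",
                   "end-datetime": "2024-01-01T23:59:59Z"},
    "contact-info": "tlsrpt@sender.example",
    "report-id": "2024-01-01T00:00:00Z_example.com",
    "policies": [{
        "policy": {"policy-type": "sts", "policy-domain": "example.com",
                   "mx-host": ["*.mx.example.com"]},
        "summary": {"total-successful-session-count": 980,
                    "total-failure-session-count": 20},
        "failure-details": [
            {"result-type": "certificate-expired",
             "receiving-mx-hostname": "mx2.mx.example.com",
             "failed-session-count": 15},
            {"result-type": "starttls-not-supported",
             "receiving-mx-hostname": "mx1.mx.example.com",
             "failed-session-count": 5},
        ],
    }],
})

# Assumed alert set: result types consistent with a downgrade or
# interception attempt rather than a plain configuration lapse.
SUSPICIOUS = {"starttls-not-supported", "certificate-host-mismatch",
              "certificate-not-trusted"}

def triage(report_json):
    """Summarise each policy entry: failure rate, counts by type, alerts."""
    out = []
    for entry in json.loads(report_json).get("policies", []):
        summary = entry.get("summary", {})
        ok = summary.get("total-successful-session-count", 0)
        bad = summary.get("total-failure-session-count", 0)
        by_type = Counter()
        for d in entry.get("failure-details", []):
            by_type[d["result-type"]] += d.get("failed-session-count", 0)
        out.append({
            "domain": entry["policy"]["policy-domain"],
            "failure_rate": bad / (ok + bad) if ok + bad else 0.0,
            "by_type": dict(by_type),
            "alert": sorted(t for t in by_type if t in SUSPICIOUS),
        })
    return out
```

An expired certificate points at the receiving side's own maintenance, while `starttls-not-supported` on a host that normally offers TLS is the pattern a downgrade attempt would leave in the report.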

Due to the continuously evolving nature of cyber threats, stringent security measures and cryptography are must-haves for safe and secure email delivery.

Thanks to the various email providers offering strong encryption capabilities and the MTA-STS standards, fully secure email transfers are not a far-fetched reality anymore.


Kinza is a technology enthusiast, technical writer, and self-proclaimed geek who resides in Northern Virginia with her husband and two kids. With a BS in Computer Networking and numerous IT certifications under her belt, she worked in the Telecommunications industry before venturing into technical writing. With a niche in cyber-security and cloud-based topics, she enjoys helping clients meet their diverse technical writing requirements across the globe. In her spare time, she enjoys reading fiction, technology blogs, crafting witty children's stories, and cooking for her family.
