What is MTA-STS?

MTA-STS (Mail Transfer Agent Strict Transport Security) is a protocol designed to enhance email security by enforcing encryption for emails in transit between mail servers. It ensures that your organisation’s emails are delivered securely and prevents cybercriminals from intercepting or tampering with them. MTA-STS also works as an additional layer of defence against spoofing and man-in-the-middle attacks.

Why is MTA-STS Important?

Cybercriminals often exploit unsecured email transmissions to intercept sensitive information or impersonate trusted domains. By configuring MTA-STS on your domain, you:

  • Ensure all emails sent to your domain use encrypted communication.

  • Prevent delivery to unauthorised mail servers.

  • Improve your domain’s trust and credibility.


Steps to Configure MTA-STS on Your Domain

1. Prepare Your MTA-STS Policy File

Create a text file named mta-sts.txt with the following structure:

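version: STSv1
mode: enforce
mx: [your-mail-server.com]
max_age: 86400

  • Replace [your-mail-server.com] with the hostname of your domain’s mail server, as it appears in your MX record.
  • Set mode to enforce to activate MTA-STS.
  • Keep each key on its own line. max_age is how long, in seconds, sending servers may cache the policy (86400 is one day).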

2. Host the Policy File on Your Domain

Upload the mta-sts.txt file to a secure HTTPS server and make it accessible at:

https://mta-sts.[your-domain]/.well-known/mta-sts.txt

3. Add a DNS TXT Record

Add the following TXT record to your domain’s DNS settings:

_mta-sts.[your-domain]  IN  TXT  "v=STSv1; id=YYYYMMDD"

  • Replace YYYYMMDD with the current date or a unique identifier for version control.

4. Test Your Configuration

Use tools like the National Cyber Security Centre’s (NCSC) Email Security Check to validate your MTA-STS setup. This ensures your policy is correctly implemented and functioning.
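Before publishing, the policy file and TXT value from steps 1 to 3 can also be checked offline. The sketch below is an added example, not a tool from the NCSC or from this article: the function names, example.com hostnames and sample strings are constructed, and the MX hosts are passed in by hand rather than looked up in DNS. It flags a policy whose keys have run together on one line, a TXT value pasted with typographic quotes, and MX hosts the policy does not list, which matters in enforce mode because delivery to an unlisted host is refused.

```python
import re

MAX_AGE = 31557600  # upper bound RFC 8461 allows for max_age (about a year)
HOST = re.compile(r"(\*\.)?[a-z0-9-]+(\.[a-z0-9-]+)+")
TXT = re.compile(r"v=STSv1\s*;\s*id=([A-Za-z0-9]{1,32})\s*;?\s*")

def parse_policy(text):
    """Parse an mta-sts.txt body into (fields, mx_patterns, errors)."""
    fields, mx, errors = {}, [], []
    for n, line in enumerate(text.splitlines(), 1):
        if not line.strip():
            continue
        key, sep, value = (part.strip() for part in line.partition(":"))
        if not sep or not value:
            errors.append(f"line {n}: expected 'key: value'")
        elif key == "mx" and HOST.fullmatch(value.lower()):
            mx.append(value.lower())
        elif key == "mx":
            errors.append(f"line {n}: mx takes one hostname per line")
        else:
            fields.setdefault(key, value)
    allowed = {"version": ("STSv1",), "mode": ("enforce", "testing", "none")}
    for key, values in allowed.items():
        if fields.get(key) not in values:
            errors.append(f"{key} must be one of {values}")
    age = fields.get("max_age", "")
    if not re.fullmatch(r"[0-9]{1,10}", age) or int(age) > MAX_AGE:
        errors.append("max_age missing or out of range")
    if fields.get("mode") != "none" and not mx:
        errors.append("policy needs at least one mx line")
    return fields, mx, errors

def mx_matches(host, pattern):
    """A leading '*.' in the policy covers exactly one left-most label."""
    host = host.lower().rstrip(".")
    if pattern.startswith("*."):
        return "." in host and host.split(".", 1)[1] == pattern[2:]
    return host == pattern

def check(policy_text, txt_record, dns_mx_hosts):
    fields, mx, errors = parse_policy(policy_text)
    if not TXT.fullmatch(txt_record.strip()):
        errors.append("TXT value must be v=STSv1; id=<1-32 letters/digits>")
    errors += [f"MX {h} is not covered by the policy" for h in dns_mx_hosts
               if not any(mx_matches(h, p) for p in mx)]
    return errors

# Constructed samples: a valid policy, one with two keys on a line, two TXT values.
GOOD = "version: STSv1\nmode: enforce\nmx: mail.example.com\nmax_age: 86400\n"
RUN_TOGETHER = "version: STSv1\nmode: enforce\nmx: mail.example.com max_age: 86400\n"
GOOD_TXT, CURLY_TXT = "v=STSv1; id=20240101", "\u201cv=STSv1; id=20240101\u201d"
```

check() returns an empty list when nothing is wrong; any message it returns should be fixed before the policy is published in enforce mode.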

How the NCSC Can Help

The National Cyber Security Centre (NCSC) offers free tools and resources to improve your organisation’s email security. Their Email Security Check allows you to verify the strength of your domain’s security protocols, including MTA-STS, DMARC, SPF, and DKIM. By regularly using these tools, you can ensure your email infrastructure is robust and compliant with best practices.

Final Thoughts

Configuring MTA-STS on your domain is a simple yet effective way to secure email communication and protect your organisation from cyber threats. Pairing this with other protocols like DMARC and SPF, and leveraging tools from the NCSC, ensures your business stays one step ahead of attackers.

NEED HELP SECURING YOUR DOMAIN?

Contact Aegis Secure Technologies today