New Feature: Managed MTA-STS and TLS Reporting

MTA-STS is an email protocol that adds a secure layer to incoming emails. Due to this, the receiving server can declare that it only accepts TLS-encrypted messages. The protocol hardens the email against MITM and downgrade attacks. We’ve covered the technical details and requirements of MTA-STS and TLS reporting in one of our previous blog articles.

This guide describes how the Managed MTA-STS and TLS Reporting feature works in our platform. Let’s dive in.

What’s The Difference Between Manual and Managed MTA-STS in the EasyDMARC Platform?

It’s possible to manage your MTA-STS policy manually. However, the need for automation becomes apparent when you have a large number of domains or need an easy way to handle your DNS changes.

Our managed solution allows you to bypass the need for technical know-how and DNS handling in general. You set up the policy and settings in the DNS once and continue using our human-friendly dashboard for further modifications.

Who Can Use the New Managed MTA-STS?

Our new Managed feature is available for Premium and higher users. Once you activate the package, the system will take you through a one-time setup process. After that, you can analyze your TLS reports and enforce the MTA-STS policy.

Setting Up The Feature

Your Managed MTA-STS journey can start from one of the following pages on the sidebar:

• Managed MTA-STS page under the Features > Managed Solutions tab
• TLS Reports under the Reports section

Setup Through The Managed MTA-STS Configuration Page

This interface helps you configure and enforce the MTA-STS policies. Follow the simple guides on the page, and you’ll be set in a few minutes.

To start with the MTA-STS policy configuration, you must go through the following steps:

• Choose the domain you’re setting up the policy for
• Set the policy (None, Testing, or Enforce)
• Start filling in the details below (MX hosts, maximum age, and TLS reporting destination)

Next, you’ll have to configure your DNS. It’s a simple three-step process: 

• Login to your DNS provider: Once on the platform, navigate to the DNS settings page.
• Setup CNAME Records: Configure MTA-STS file location, the MTA-STS, and TLS-RPT records. 
• Verify The Records: Follow on-screen instructions to fix misconfigurations or issues.

DNS changes usually take up to 24 hours. After that, you’ll start receiving the TLS reports on your dashboard.

EasyDMARC’s smart platform will let you know about any misconfigurations from the get-go so that you can eliminate issues down the line.

You’ll see a success message confirming the setup if everything is correct.

Setup Through The TLS Reports Page

If the TLS reports are still inactive when you visit the page, you’ll be greeted with a blocking screen. You’ll have two options: activate the TLS reports or upload a JSON file to the system.

Clicking “Activate TLS Reporting” takes you through the one-time DNS Setup screens described above.

You’ll discover the whole potential of the TLS Reports page once you receive the first report (uploading a JSON file will also work). 

The main chart on the page shows you the message success and failure counts in an easy-to-understand, clean interface. Select the domain or domains you want to analyze on the top and use the robust filtering and date-setting options to display critical information. You can also show the necessary data period (day, week, or month) and turn the chart into an eye-catching graph. These capabilities will give you a superior experience reviewing your reports and taking action.

The table below the main chart shows domain-based information like the policy type, success and failure count, and the report date. When expanded, each entry shows details about the reporter (policy mode, result type, session count, sending and receiving IPs, and the date).

Depending on your access level in Permission Management, you’ll only be able to see data for the domains and groups you can access.

What’s Next For The Feature?

We’ve gathered customer feedback for this feature for a while and are committed to giving you the best experience. Depending on the customer feedback and the success of our Managed MTA-STS and TLS Reporting tool, we’ll be refining the features as we go.

We plan to add a “TLS Reporting” section to our current daily/weekly/monthly reports. This will enhance the way you receive information and give you a better understanding of the whole infrastructure. Have you already used our new MTA-STS and TLS Reporting feature? Leave your opinion in a quick survey.