{"id":28908,"date":"2024-11-29T12:49:11","date_gmt":"2024-11-29T12:49:11","guid":{"rendered":"https:\/\/easydmarc.com\/blog\/?p=28908"},"modified":"2024-12-10T12:29:17","modified_gmt":"2024-12-10T12:29:17","slug":"what-is-mta-sts-and-why-do-you-need-it","status":"publish","type":"post","link":"https:\/\/easydmarc.com\/blog\/what-is-mta-sts-and-why-do-you-need-it\/","title":{"rendered":"MTA-STS: Why You Need It, How It Works"},"content":{"rendered":"\n<p><span style=\"font-weight: 400;\">MTA-STS (Mail Transfer Agent Strict Transport Security) is a mechanism that enforces TLS encryption for inbound email delivery to a domain. It enables mail servers to securely communicate by ensuring messages are transmitted over an encrypted connection, thereby mitigating risks such as <\/span><a href=\"https:\/\/easydmarc.com\/blog\/what-is-a-mitm-man-in-the-middle-attack\/\" target=\"_blank\" rel=\"noopener\"><span style=\"font-weight: 400;\">man-in-the-middle attacks<\/span><\/a><span style=\"font-weight: 400;\">.<\/span><\/p>\n\n\n\n<p><a href=\"https:\/\/security.googleblog.com\/2019\/04\/gmail-making-email-more-secure-with-mta.html\" target=\"_blank\" rel=\"noopener\"><span style=\"font-weight: 400;\">In 2019, Google<\/span><\/a><span style=\"font-weight: 400;\"> became the first major email provider to adopt the new MTA-STS policy, which ensures all inbound emails come through the Transport Layer Security (TLS). This policy complements and strengthens STARTTLS, which is a command that allows mail servers to upgrade an SMTP connection to a secure, encrypted one. The issue with STARTTLS is that it is vulnerable to downgrade attacks and lacks mechanisms for strict enforcement or sender authentication, making it optional and insecure in certain scenarios.<\/span><\/p>\n\n\n\n<p><span style=\"font-weight: 400;\">The MTA-STS policy aims to prevent attackers from tampering with email content or sending the communication to another address. Unlike STARTTLS, MTA Strict Transport Security always keeps TLS on. It tells external servers that your email server only accepts email delivery through a secure connection.<\/span><\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"h-why-do-you-need-this-email-protocol\"><b>Why Do You Need this Email Protocol?<\/b><\/h2>\n\n\n\n<p><span style=\"font-weight: 400;\">The MTA-STS DNS policy, coupled with TLS reports, is a reliable way to make your email communications more secure. Here is what the policy does:<\/span><\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><span style=\"font-weight: 400;\">Hinders downgrade attacks<\/span><\/li>\n\n\n\n<li><span style=\"font-weight: 400;\">Removes the risk of man-in-the-middle (MITM)<\/span> <span style=\"font-weight: 400;\">attacks<\/span><\/li>\n\n\n\n<li><span style=\"font-weight: 400;\">Solves the issue of expired TLS certificates<\/span><\/li>\n<\/ul>\n\n\n\n<p><span style=\"font-weight: 400;\">TLS-RPT, like DMARC reports, provides details on successes and failures, keeping you informed and ready to make fixes<\/span><\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"h-the-importance-of-tls-reporting\"><b>The Importance of TLS Reporting<\/b><\/h2>\n\n\n\n<p><span style=\"font-weight: 400;\">TLS Reporting (TLS-RPT) is a protocol that allows email domains to receive reports about the success or failure of TLS encryption during email transmission, providing insights into potential security issues when emails are sent to a domain.<\/span><\/p>\n\n\n\n<p><span style=\"font-weight: 400;\">Like <\/span><a href=\"https:\/\/security.googleblog.com\/2019\/04\/gmail-making-email-more-secure-with-mta.html\" target=\"_blank\" rel=\"noopener\"><span style=\"font-weight: 400;\">DMARC reports<\/span><\/a><span style=\"font-weight: 400;\">, TLS reports detail failed SMTP connections and explain why they happened. The failures occur for three&nbsp; reasons:<\/span><\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><span style=\"font-weight: 400;\">Failed TLS negotiation<\/span><\/li>\n\n\n\n<li><span style=\"font-weight: 400;\">DNS-related issues<\/span><\/li>\n\n\n\n<li><span style=\"font-weight: 400;\">MTA-STS problems<\/span><\/li>\n<\/ul>\n\n\n\n<p><span style=\"font-weight: 400;\">Also, like DMARC reports, TLS reports are delivered to a particular URI (Uniform Resource Identifier) or email address set up via a<\/span><a href=\"https:\/\/security.googleblog.com\/2019\/04\/gmail-making-email-more-secure-with-mta.html\" target=\"_blank\" rel=\"noopener\"> <span style=\"font-weight: 400;\">DNS TXT record<\/span><\/a><span style=\"font-weight: 400;\">.<\/span><\/p>\n\n\n\n<p><span style=\"font-weight: 400;\">Here is the DNS record string:&nbsp;<\/span><\/p>\n\n\n\n<p><span style=\"font-weight: 400;\">\u201cv=TLSRPTv1; rua=mailto:tlsrpt@example.com,https:\/\/tlsrpt.example.com\/v1\u201d<\/span><\/p>\n\n\n\n<p><span style=\"font-weight: 400;\">The string contains:<\/span><\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><span style=\"font-weight: 400;\">The TLS version (\u201cv=\u201d)<\/span><\/li>\n\n\n\n<li><span style=\"font-weight: 400;\">The URI (Uniform Resource Identifier) that\u2019s going to receive the reports (\u201crua=\u201d). This line can take more than one value separated by a comma.<\/span><\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"h-the-tls-report-structure\"><b>The TLS Report Structure<\/b><\/h3>\n\n\n\n<p><span style=\"font-weight: 400;\">Unlike DMARC XML reports, TLS Reporting is easy to read and understand. The report file is in JSON format.<\/span><\/p>\n\n\n\n<figure class=\"wp-block-image size-full\"><img fetchpriority=\"high\" decoding=\"async\" width=\"602\" height=\"847\" src=\"https:\/\/easydmarc.com\/blog\/wp-content\/uploads\/2022\/07\/Picture2.png\" alt=\"Components of TLS Report\" class=\"wp-image-43157\" srcset=\"https:\/\/easydmarc.com\/blog\/wp-content\/uploads\/2022\/07\/Picture2.png 602w, https:\/\/easydmarc.com\/blog\/wp-content\/uploads\/2022\/07\/Picture2-213x300.png 213w\" sizes=\"(max-width: 602px) 100vw, 602px\" \/><\/figure>\n\n\n\n<p>The table below explains the components of a TLS Report shown in the image above.<\/p>\n\n\n\n<figure class=\"wp-block-table\"><table class=\"has-fixed-layout\"><tbody><tr><td colspan=\"2\"><strong>Components of TLS Report<\/strong><\/td><\/tr><tr><td>organization-name<\/td><td>Name of the reporting party<\/td><\/tr><tr><td>date-range<\/td><td>Timeframe for the collected results containing the start and end dates as a subcategory<\/td><\/tr><tr><td>contact-info<\/td><td>Contact information<\/td><\/tr><tr><td>report-id<\/td><td>Unique report identifier<\/td><\/tr><tr><td>policies<\/td><td>This section contains information about the various active policies for the given domain (STARTTLS, DANE, DNSSEC, MTA-STS). In the case of MTA-STS, for example, this section will repeat the policy file string<\/td><\/tr><tr><td>summary<\/td><td>Provides the session count for successful and failed sessions<\/td><\/tr><tr><td>failure-details<\/td><td>Mentions what went wrong. The \u201cresult type\u201d can take one of the 10+ set values, depending on the failure\u2019s root cause. This line also includes information on the sending server, receiving IP, and its MX hostname<\/td><\/tr><\/tbody><\/table><\/figure>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"h-how-does-mta-sts-work\"><b>How Does MTA-STS Work?<\/b><\/h2>\n\n\n\n<p><span style=\"font-weight: 400;\">MTA-STS is a policy that verifies the TLS connection on every email sent to your ecosystem. It tells the sending SMTP server that communication with your email server must be encrypted, and the domain name in the TLS certificate and the policy must match. This process ensures that all communication delivered to your inbox is encrypted.<\/span><\/p>\n\n\n\n<p><span style=\"font-weight: 400;\">The policy contains a two-part mechanism: The MTA-STS file published on an HTTPS-enabled web server, and a DNS TXT record telling senders that your domain supports MTA-STS.<\/span><\/p>\n\n\n\n<p><span style=\"font-weight: 400;\">Once everything is set, you\u2019ll receive reports via TLS-RPT about failures and issues. Sending servers cache the MTA-STS file and use it repeatedly for a period indicated in the document. Upon expiration, the servers request the file again.<\/span><\/p>\n\n\n\n<p><span style=\"font-weight: 400;\">Let\u2019s dive further into the two components of the MTA-STS policy.<\/span><\/p>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"h-the-mta-sts-file\"><b>The MTA-STS File<\/b><\/h3>\n\n\n\n<p><span style=\"font-weight: 400;\">MTA-STS is a TXT file executed through HTTPS. <\/span><\/p>\n\n\n\n<figure class=\"wp-block-image size-full\"><img decoding=\"async\" width=\"602\" height=\"223\" src=\"https:\/\/easydmarc.com\/blog\/wp-content\/uploads\/2022\/07\/Picture3.png\" alt=\"Components of MTA-STS File \" class=\"wp-image-43160\" srcset=\"https:\/\/easydmarc.com\/blog\/wp-content\/uploads\/2022\/07\/Picture3.png 602w, https:\/\/easydmarc.com\/blog\/wp-content\/uploads\/2022\/07\/Picture3-300x111.png 300w\" sizes=\"(max-width: 602px) 100vw, 602px\" \/><\/figure>\n\n\n\n<p>The table below explains the components of an MTA-STS file shown in the image above.<\/p>\n\n\n\n<figure class=\"wp-block-table\"><table><tbody><tr><td><strong>Components of MTA-STS File&nbsp;<\/strong><\/td><td><strong>Description<\/strong><\/td><td><strong>Options\/Details<\/strong><\/td><\/tr><tr><td>version<\/td><td>The version of the policy file you\u2019re viewing&nbsp;<\/td><td>The proper syntax is to include this line first, with the other components following in any order<\/td><\/tr><tr><td>mode<\/td><td>The policy mode<\/td><td>The policy mode can take either of the values below:<br \/><strong>testing: <\/strong>The messages that fail to pass the TLS won\u2019t be blocked, but you\u2019ll be able to gather data on them (similar to the DMARC quarantine policy). Enable TLS-RPT to start getting the reports.<br \/><br \/><strong>enforce:<\/strong> Failing the TLS means that the emails won\u2019t be delivered (similar to the DMARC reject policy). However, you\u2019ll still receive reports.<br \/><br \/><strong>none:<\/strong> While the modes above are somewhat comparable to DMARC policies, this one is very distinct. The \u2018none\u2019 policy in your MTA-STS file means fully disabling the policy.<\/td><\/tr><tr><td>mx<\/td><td>To fill in this part, you have to pull your MX records from the DNS<\/td><td>Mention each mail host on a separate line to nail the syntax of the file<\/td><\/tr><tr><td>max_age<\/td><td>Indicates how long the sender should cache the policy<\/td><td>The number is expressed in seconds and should be:<br \/><br \/>between 604,800 and 1,209,600 (1\u20132 weeks) for <strong>testing mode<\/strong><br \/><br \/>between 24 hours (86,400 seconds) and 31,557,600 (one year) for <strong>enforce mode<\/strong><\/td><\/tr><\/tbody><\/table><\/figure>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"h-the-mta-sts-dns-record\"><b>The MTA-STS DNS Record<\/b><\/h3>\n\n\n\n<p><span style=\"font-weight: 400;\">For senders to \u201cknow\u201d you have implemented the MTA-STS policy, you have to set up a DNS record. It points to the policy file and contains the following components:<\/span><\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><b>\u201cv=:\u201d<\/b><span style=\"font-weight: 400;\"> This is the policy version number.<\/span><\/li>\n\n\n\n<li><b>\u201cid=:\u201d<\/b><span style=\"font-weight: 400;\"> This is the policy identification number and should change once the policy is updated.<\/span><\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"h-what-are-the-requirements-for-mta-sts\"><b>What are the Requirements for MTA-STS?<\/b><\/h2>\n\n\n\n<p><span style=\"font-weight: 400;\">Before starting the MTA-STS setup, you need to check specific requirements, as not every server can handle the MTA Strict Transport Security policy. These requirements are:<\/span><\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><span style=\"font-weight: 400;\">Can accept mail transfers via TLS connection<\/span><\/li>\n\n\n\n<li><span style=\"font-weight: 400;\">Uses at least TLS version 1.2<\/span><\/li>\n\n\n\n<li><span style=\"font-weight: 400;\">The TLS certificates should:<\/span>\n<ul class=\"wp-block-list\">\n<li><span style=\"font-weight: 400;\">Be up-to-date<\/span><\/li>\n\n\n\n<li><span style=\"font-weight: 400;\">Have the same servers mentioned in your<\/span><a href=\"https:\/\/easydmarc.com\/blog\/what-is-dns-mx-record-and-how-to-check-it\/\" target=\"_blank\" rel=\"noopener\"> <span style=\"font-weight: 400;\">MX records<\/span><\/a><\/li>\n\n\n\n<li><span style=\"font-weight: 400;\">Be trusted by a root certificate authority<\/span><\/li>\n<\/ul>\n<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"h-implement-your-mta-sts-policy\"><b>Implement Your MTA-STS Policy<\/b><\/h2>\n\n\n\n<p><span style=\"font-weight: 400;\">Setting up your MTA-STS DNS policy is relatively straightforward. But however important it is to reach the coveted \u201cenforce\u201d policy mode, advancing the mode from \u201ctesting\u201d takes time and focus.<\/span><\/p>\n\n\n\n<p><span style=\"font-weight: 400;\">Here are the steps to take before creating the DNS record and the MTA-STS file itself:<\/span><\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><span style=\"font-weight: 400;\">List all the domains and subdomains you plan to protect.<\/span><\/li>\n\n\n\n<li><span style=\"font-weight: 400;\">Use a TLS checker to discover any issues with its configuration.<\/span><\/li>\n\n\n\n<li><span style=\"font-weight: 400;\">Ensure that the certificates are up-to-date and TLS is on the 1.2 version or higher.<\/span><\/li>\n\n\n\n<li><span style=\"font-weight: 400;\">Make sure your server supports the Secure Socket Layer Certificate (SSL). HTTP won\u2019t cut it \u2013 you need HTTPS.<\/span><\/li>\n\n\n\n<li><span style=\"font-weight: 400;\">Use a holistic solution to ease your way into policy compliance.<\/span><\/li>\n<\/ul>\n\n\n\n<p><span style=\"font-weight: 400;\">Now that you\u2019re all set, begin the three-step implementation process:<\/span><\/p>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"h-step-1-create-the-policy-in-testing-mode\"><b>Step 1. Create the Policy <\/b><b>in <\/b><b>Testing Mode<\/b><\/h3>\n\n\n\n<p><span style=\"font-weight: 400;\">First of all, create the MTA-STS policy file. Follow the syntax above. Set the mode to \u201ctesting\u201d initially to see how the policy performs.<\/span><\/p>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"h-step-2-upload-the-txt-file-to-the-web\"><b>Step 2. Upload the TXT File to the WEB<\/b><\/h3>\n\n\n\n<p><span style=\"font-weight: 400;\">Ensure the file is accessible on the WEB upon request so senders can find it once the DNS record points to it. The URL should follow this syntax:<\/span><\/p>\n\n\n\n<p>https:\/\/mta-sts.example.com\/.well-known\/mta-sts.txt<\/p>\n\n\n\n<p><span style=\"font-weight: 400;\">This means that you should create a \u201c.well-known\u201d folder and put the document there.<\/span><\/p>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"h-step-3-publish-the-dns-record\"><b>Step 3. Publish the DNS Record<\/b><\/h3>\n\n\n\n<p><span style=\"font-weight: 400;\">Publish the DNS Record, confirm it, and move to the next phase, TLS configuration.<\/span><\/p>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"h-step-4-set-up-the-tls-rpt\"><b>Step 4. Set up the TLS-RPT<\/b><\/h3>\n\n\n\n<p><span style=\"font-weight: 400;\">Create the DNS TLS entry as mentioned above and start receiving the reports. Don\u2019t forget that this is an MTA-STS test. Once you see everything working correctly, you can move to the next step.<\/span><\/p>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"h-step-5-change-the-mode-to-enforce\"><b>Step 5. Change the Mode to \u201cEnforce\u201d<\/b><\/h3>\n\n\n\n<p><span style=\"font-weight: 400;\">After this initial MTA-STS test, if everything runs smoothly, you can set the \u201cmode\u201d in the MTA-STS file to \u201cenforce.\u201d This will filter unencrypted emails.<\/span><\/p>\n\n\n\n<h3 class=\"wp-block-heading\"><b>Step 6. Update the Version ID in Your DNS Record<\/b><\/h3>\n\n\n\n<p><span style=\"font-weight: 400;\">As the last step, don\u2019t forget to update the DNS with the new version ID.<\/span><\/p>\n\n\n\n<p><span style=\"font-weight: 400;\">Of course, these steps are simplified with EasyDMARC&#8217;s&nbsp; <a href=\"https:\/\/easydmarc.com\/tools\/managed-mta-sts\" target=\"_blank\" rel=\"noopener\">Managed MTA-STS tool<\/a>.<\/span><\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><b>Summary<\/b><\/h2>\n\n\n\n<p><span style=\"font-weight: 400;\">Implementing MTA-STS strengthens your email security by ensuring encrypted communication and protecting against man-in-the-middle attacks. Combining the MTA-STS policy with TLS Reporting gives you valuable insights into potential issues while preventing unauthorized email delivery. Although setting up MTA-STS requires careful planning and testing, the long-term benefits &#8211; enhanced security, better compliance, and reduced vulnerabilities &#8211; make it a vital tool for any organization. Start with testing mode, address any configuration issues, and gradually move to enforcement to secure your email ecosystem effectively. If you&#8217;re unsure,<\/span><a href=\"https:\/\/easydmarc.com\/contact-us\" target=\"_blank\" rel=\"noopener\"> <span style=\"font-weight: 400;\">contact<\/span><\/a><span style=\"font-weight: 400;\"> one of our DMARC engineers.<\/span><\/p>\n","protected":false},"excerpt":{"rendered":"<p>MTA-STS (Mail Transfer Agent Strict Transport Security) is &#8230;<\/p>\n","protected":false},"author":30,"featured_media":28909,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"inline_featured_image":false,"footnotes":""},"categories":[204,203],"tags":[],"class_list":["post-28908","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-blog","category-email-security"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO Premium plugin v27.5 (Yoast SEO v27.5) - https:\/\/yoast.com\/product\/yoast-seo-premium-wordpress\/ -->\n<title>MTA-STS: Why You Need It, How It Works | EasyDMARC<\/title>\n<meta name=\"description\" content=\"The MTA-STS DNS policy, coupled with TLS reports, is a reliable way to make your email communications more secure and prevent MIIM attacks\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/easydmarc.com\/blog\/what-is-mta-sts-and-why-do-you-need-it\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"MTA-STS: Why You Need It, How It Works\" \/>\n<meta property=\"og:description\" content=\"The MTA-STS DNS policy, coupled with TLS reports, is a reliable way to make your email communications more secure and prevent MIIM attacks\" \/>\n<meta property=\"og:url\" content=\"https:\/\/easydmarc.com\/blog\/what-is-mta-sts-and-why-do-you-need-it\/\" \/>\n<meta property=\"og:site_name\" content=\"EasyDMARC\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/EasyDMARC\/\" \/>\n<meta property=\"article:published_time\" content=\"2024-11-29T12:49:11+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2024-12-10T12:29:17+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/easydmarc.com\/blog\/wp-content\/uploads\/2022\/07\/What-is-MTA-STS-and-Why-Do-You-Need-It_.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"1440\" \/>\n\t<meta property=\"og:image:height\" content=\"910\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Sarah Wilson\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@easydmarc\" \/>\n<meta name=\"twitter:site\" content=\"@easydmarc\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Sarah Wilson\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"7 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/easydmarc.com\\\/blog\\\/what-is-mta-sts-and-why-do-you-need-it\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/easydmarc.com\\\/blog\\\/what-is-mta-sts-and-why-do-you-need-it\\\/\"},\"author\":{\"name\":\"Sarah Wilson\",\"@id\":\"https:\\\/\\\/easydmarc.com\\\/blog\\\/#\\\/schema\\\/person\\\/205f64b37b241d54a61f9b7d16c3c178\"},\"headline\":\"MTA-STS: Why You Need It, How It Works\",\"datePublished\":\"2024-11-29T12:49:11+00:00\",\"dateModified\":\"2024-12-10T12:29:17+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/easydmarc.com\\\/blog\\\/what-is-mta-sts-and-why-do-you-need-it\\\/\"},\"wordCount\":1463,\"publisher\":{\"@id\":\"https:\\\/\\\/easydmarc.com\\\/blog\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/easydmarc.com\\\/blog\\\/what-is-mta-sts-and-why-do-you-need-it\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/easydmarc.com\\\/blog\\\/wp-content\\\/uploads\\\/2022\\\/07\\\/What-is-MTA-STS-and-Why-Do-You-Need-It_.jpg\",\"articleSection\":[\"Blog\",\"Email Security\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\\\/\\\/easydmarc.com\\\/blog\\\/what-is-mta-sts-and-why-do-you-need-it\\\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/easydmarc.com\\\/blog\\\/what-is-mta-sts-and-why-do-you-need-it\\\/\",\"url\":\"https:\\\/\\\/easydmarc.com\\\/blog\\\/what-is-mta-sts-and-why-do-you-need-it\\\/\",\"name\":\"MTA-STS: Why You Need It, How It Works | EasyDMARC\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/easydmarc.com\\\/blog\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/easydmarc.com\\\/blog\\\/what-is-mta-sts-and-why-do-you-need-it\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/easydmarc.com\\\/blog\\\/what-is-mta-sts-and-why-do-you-need-it\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/easydmarc.com\\\/blog\\\/wp-content\\\/uploads\\\/2022\\\/07\\\/What-is-MTA-STS-and-Why-Do-You-Need-It_.jpg\",\"datePublished\":\"2024-11-29T12:49:11+00:00\",\"dateModified\":\"2024-12-10T12:29:17+00:00\",\"description\":\"The MTA-STS DNS policy, coupled with TLS reports, is a reliable way to make your email communications more secure and prevent MIIM attacks\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/easydmarc.com\\\/blog\\\/what-is-mta-sts-and-why-do-you-need-it\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/easydmarc.com\\\/blog\\\/what-is-mta-sts-and-why-do-you-need-it\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/easydmarc.com\\\/blog\\\/what-is-mta-sts-and-why-do-you-need-it\\\/#primaryimage\",\"url\":\"https:\\\/\\\/easydmarc.com\\\/blog\\\/wp-content\\\/uploads\\\/2022\\\/07\\\/What-is-MTA-STS-and-Why-Do-You-Need-It_.jpg\",\"contentUrl\":\"https:\\\/\\\/easydmarc.com\\\/blog\\\/wp-content\\\/uploads\\\/2022\\\/07\\\/What-is-MTA-STS-and-Why-Do-You-Need-It_.jpg\",\"width\":1440,\"height\":910,\"caption\":\"What is MTA STS and Why Do You Need It\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/easydmarc.com\\\/blog\\\/what-is-mta-sts-and-why-do-you-need-it\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/easydmarc.com\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Blog\",\"item\":\"https:\\\/\\\/easydmarc.com\\\/blog\\\/category\\\/blog\\\/\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"Email Security\",\"item\":\"https:\\\/\\\/easydmarc.com\\\/blog\\\/category\\\/blog\\\/email-security\\\/\"},{\"@type\":\"ListItem\",\"position\":4,\"name\":\"MTA-STS: Why You Need It, How It Works\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/easydmarc.com\\\/blog\\\/#website\",\"url\":\"https:\\\/\\\/easydmarc.com\\\/blog\\\/\",\"name\":\"EasyDMARC\",\"description\":\"Blog\",\"publisher\":{\"@id\":\"https:\\\/\\\/easydmarc.com\\\/blog\\\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/easydmarc.com\\\/blog\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/easydmarc.com\\\/#organization\",\"name\":\"EasyDMARC\",\"url\":\"https:\\\/\\\/easydmarc.com\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"url\":\"https:\\\/\\\/easydmarc.com\\\/img\\\/logo.png\"},\"image\":{\"@id\":\"https:\\\/\\\/easydmarc.com\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/www.facebook.com\\\/EasyDMARC\\\/\",\"https:\\\/\\\/x.com\\\/easydmarc\",\"https:\\\/\\\/www.linkedin.com\\\/company\\\/easydmarc\\\/mycompany\\\/\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/easydmarc.com\\\/blog\\\/#\\\/schema\\\/person\\\/205f64b37b241d54a61f9b7d16c3c178\",\"name\":\"Sarah Wilson\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/d7f2cab4b5083e4305631e460d5603e6d9413f10725c760a4ba644e557bcc7c7?s=96&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/d7f2cab4b5083e4305631e460d5603e6d9413f10725c760a4ba644e557bcc7c7?s=96&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/d7f2cab4b5083e4305631e460d5603e6d9413f10725c760a4ba644e557bcc7c7?s=96&r=g\",\"caption\":\"Sarah Wilson\"},\"url\":\"https:\\\/\\\/easydmarc.com\\\/blog\\\/author\\\/sarah-wilson\\\/\"}]}<\/script>\n<!-- \/ Yoast SEO Premium plugin. -->","yoast_head_json":{"title":"MTA-STS: Why You Need It, How It Works | EasyDMARC","description":"The MTA-STS DNS policy, coupled with TLS reports, is a reliable way to make your email communications more secure and prevent MIIM attacks","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/easydmarc.com\/blog\/what-is-mta-sts-and-why-do-you-need-it\/","og_locale":"en_US","og_type":"article","og_title":"MTA-STS: Why You Need It, How It Works","og_description":"The MTA-STS DNS policy, coupled with TLS reports, is a reliable way to make your email communications more secure and prevent MIIM attacks","og_url":"https:\/\/easydmarc.com\/blog\/what-is-mta-sts-and-why-do-you-need-it\/","og_site_name":"EasyDMARC","article_publisher":"https:\/\/www.facebook.com\/EasyDMARC\/","article_published_time":"2024-11-29T12:49:11+00:00","article_modified_time":"2024-12-10T12:29:17+00:00","og_image":[{"width":1440,"height":910,"url":"https:\/\/easydmarc.com\/blog\/wp-content\/uploads\/2022\/07\/What-is-MTA-STS-and-Why-Do-You-Need-It_.jpg","type":"image\/jpeg"}],"author":"Sarah Wilson","twitter_card":"summary_large_image","twitter_creator":"@easydmarc","twitter_site":"@easydmarc","twitter_misc":{"Written by":"Sarah Wilson","Est. reading time":"7 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/easydmarc.com\/blog\/what-is-mta-sts-and-why-do-you-need-it\/#article","isPartOf":{"@id":"https:\/\/easydmarc.com\/blog\/what-is-mta-sts-and-why-do-you-need-it\/"},"author":{"name":"Sarah Wilson","@id":"https:\/\/easydmarc.com\/blog\/#\/schema\/person\/205f64b37b241d54a61f9b7d16c3c178"},"headline":"MTA-STS: Why You Need It, How It Works","datePublished":"2024-11-29T12:49:11+00:00","dateModified":"2024-12-10T12:29:17+00:00","mainEntityOfPage":{"@id":"https:\/\/easydmarc.com\/blog\/what-is-mta-sts-and-why-do-you-need-it\/"},"wordCount":1463,"publisher":{"@id":"https:\/\/easydmarc.com\/blog\/#organization"},"image":{"@id":"https:\/\/easydmarc.com\/blog\/what-is-mta-sts-and-why-do-you-need-it\/#primaryimage"},"thumbnailUrl":"https:\/\/easydmarc.com\/blog\/wp-content\/uploads\/2022\/07\/What-is-MTA-STS-and-Why-Do-You-Need-It_.jpg","articleSection":["Blog","Email Security"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/easydmarc.com\/blog\/what-is-mta-sts-and-why-do-you-need-it\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/easydmarc.com\/blog\/what-is-mta-sts-and-why-do-you-need-it\/","url":"https:\/\/easydmarc.com\/blog\/what-is-mta-sts-and-why-do-you-need-it\/","name":"MTA-STS: Why You Need It, How It Works | EasyDMARC","isPartOf":{"@id":"https:\/\/easydmarc.com\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/easydmarc.com\/blog\/what-is-mta-sts-and-why-do-you-need-it\/#primaryimage"},"image":{"@id":"https:\/\/easydmarc.com\/blog\/what-is-mta-sts-and-why-do-you-need-it\/#primaryimage"},"thumbnailUrl":"https:\/\/easydmarc.com\/blog\/wp-content\/uploads\/2022\/07\/What-is-MTA-STS-and-Why-Do-You-Need-It_.jpg","datePublished":"2024-11-29T12:49:11+00:00","dateModified":"2024-12-10T12:29:17+00:00","description":"The MTA-STS DNS policy, coupled with TLS reports, is a reliable way to make your email communications more secure and prevent MIIM attacks","breadcrumb":{"@id":"https:\/\/easydmarc.com\/blog\/what-is-mta-sts-and-why-do-you-need-it\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/easydmarc.com\/blog\/what-is-mta-sts-and-why-do-you-need-it\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/easydmarc.com\/blog\/what-is-mta-sts-and-why-do-you-need-it\/#primaryimage","url":"https:\/\/easydmarc.com\/blog\/wp-content\/uploads\/2022\/07\/What-is-MTA-STS-and-Why-Do-You-Need-It_.jpg","contentUrl":"https:\/\/easydmarc.com\/blog\/wp-content\/uploads\/2022\/07\/What-is-MTA-STS-and-Why-Do-You-Need-It_.jpg","width":1440,"height":910,"caption":"What is MTA STS and Why Do You Need It"},{"@type":"BreadcrumbList","@id":"https:\/\/easydmarc.com\/blog\/what-is-mta-sts-and-why-do-you-need-it\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/easydmarc.com\/"},{"@type":"ListItem","position":2,"name":"Blog","item":"https:\/\/easydmarc.com\/blog\/category\/blog\/"},{"@type":"ListItem","position":3,"name":"Email Security","item":"https:\/\/easydmarc.com\/blog\/category\/blog\/email-security\/"},{"@type":"ListItem","position":4,"name":"MTA-STS: Why You Need It, How It Works"}]},{"@type":"WebSite","@id":"https:\/\/easydmarc.com\/blog\/#website","url":"https:\/\/easydmarc.com\/blog\/","name":"EasyDMARC","description":"Blog","publisher":{"@id":"https:\/\/easydmarc.com\/blog\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/easydmarc.com\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/easydmarc.com\/#organization","name":"EasyDMARC","url":"https:\/\/easydmarc.com\/","logo":{"@type":"ImageObject","url":"https:\/\/easydmarc.com\/img\/logo.png"},"image":{"@id":"https:\/\/easydmarc.com\/blog\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.facebook.com\/EasyDMARC\/","https:\/\/x.com\/easydmarc","https:\/\/www.linkedin.com\/company\/easydmarc\/mycompany\/"]},{"@type":"Person","@id":"https:\/\/easydmarc.com\/blog\/#\/schema\/person\/205f64b37b241d54a61f9b7d16c3c178","name":"Sarah Wilson","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/d7f2cab4b5083e4305631e460d5603e6d9413f10725c760a4ba644e557bcc7c7?s=96&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/d7f2cab4b5083e4305631e460d5603e6d9413f10725c760a4ba644e557bcc7c7?s=96&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/d7f2cab4b5083e4305631e460d5603e6d9413f10725c760a4ba644e557bcc7c7?s=96&r=g","caption":"Sarah Wilson"},"url":"https:\/\/easydmarc.com\/blog\/author\/sarah-wilson\/"}]}},"jetpack_featured_media_url":"https:\/\/easydmarc.com\/blog\/wp-content\/uploads\/2022\/07\/What-is-MTA-STS-and-Why-Do-You-Need-It_.jpg","_links":{"self":[{"href":"https:\/\/easydmarc.com\/blog\/wp-json\/wp\/v2\/posts\/28908","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/easydmarc.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/easydmarc.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/easydmarc.com\/blog\/wp-json\/wp\/v2\/users\/30"}],"replies":[{"embeddable":true,"href":"https:\/\/easydmarc.com\/blog\/wp-json\/wp\/v2\/comments?post=28908"}],"version-history":[{"count":5,"href":"https:\/\/easydmarc.com\/blog\/wp-json\/wp\/v2\/posts\/28908\/revisions"}],"predecessor-version":[{"id":43213,"href":"https:\/\/easydmarc.com\/blog\/wp-json\/wp\/v2\/posts\/28908\/revisions\/43213"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/easydmarc.com\/blog\/wp-json\/wp\/v2\/media\/28909"}],"wp:attachment":[{"href":"https:\/\/easydmarc.com\/blog\/wp-json\/wp\/v2\/media?parent=28908"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/easydmarc.com\/blog\/wp-json\/wp\/v2\/categories?post=28908"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/easydmarc.com\/blog\/wp-json\/wp\/v2\/tags?post=28908"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}