Hosted MTA-STS by URIports
Publish an MTA-STS policy by adding just two CNAME records to your domain's DNS. URIports will publish an RFC-compliant MTA-STS policy using the latest best practices and periodically validate your policy and email setup.
SMTP MTA Strict Transport Security (MTA-STS) is a mechanism enabling mail service providers (SPs) to declare their ability to receive Transport Layer Security (TLS) secure SMTP connections and to specify whether sending SMTP servers should refuse to deliver to MX hosts that do not offer TLS with a trusted server certificate.
Secure communication
These days, most domains have properly secured email (MX) servers that support TLS. However, without DANE or MTA-STS, this communication security is opportunistic and vulnerable to MiTM downgrade attacks.
MTA-STS policy
Publishing an (enforced) MTA-STS policy declares that all inbound email communication should be secure and no emails should be delivered over an insecure connection.
Set up MTA-STS
Setting up an MTA-STS policy is pretty straightforward: publish a TXT DNS record, set up a secure webserver for the subdomain mta-sts, and add an mta-sts.txt file with your policy to that subdomain's .well-known folder.
While setting this up might take just an hour for a seasoned administrator, it also requires that web certificates are renewed on time and MX records are checked for updates and issues.
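The checks that have to keep passing after setup can be sketched offline. This is an added example, not URIports' code: it validates a TXT record value and an mta-sts.txt policy against the RFC 8461 rules and lists MX hosts the policy does not cover. The example.com values and the function names are constructed for illustration.

```python
# Added example, not URIports' code; sample values are constructed (RFC 8461 rules).
MAX_AGE_LIMIT = 31557600  # upper bound for max_age in RFC 8461 (seconds)

def parse_txt_record(txt):
    """Return the policy id from a '_mta-sts' TXT record value."""
    fields = dict(p.strip().split("=", 1) for p in txt.split(";") if "=" in p)
    pid = fields.get("id", "")
    if fields.get("v") != "STSv1" or not (pid.isascii() and pid.isalnum() and len(pid) <= 32):
        raise ValueError("invalid MTA-STS TXT record")
    return pid

def parse_policy(text):
    """Parse and validate the key: value lines of an mta-sts.txt policy."""
    policy = {"mx": []}
    for line in text.splitlines():
        if ":" not in line:
            continue
        key, value = (s.strip() for s in line.split(":", 1))
        if key == "mx":
            policy["mx"].append(value.lower())  # mx may appear several times
        else:
            policy.setdefault(key, value)  # first occurrence of a field wins
    age = policy.get("max_age", "")
    if policy.get("version") != "STSv1":
        raise ValueError("version must be STSv1")
    if policy.get("mode") not in ("enforce", "testing", "none"):
        raise ValueError("mode must be enforce, testing or none")
    if not (age.isascii() and age.isdigit()) or int(age) > MAX_AGE_LIMIT:
        raise ValueError("max_age missing or out of range")
    if policy["mode"] != "none" and not policy["mx"]:
        raise ValueError("at least one mx pattern is required")
    return policy

def mx_matches(host, pattern):
    """Match an MX host against a policy pattern; '*.' covers one label."""
    host = host.lower().rstrip(".")
    if pattern.startswith("*."):
        return "." in host and host.split(".", 1)[1] == pattern[2:]
    return host == pattern

def uncovered_mx(policy, mx_hosts):
    """MX hosts no pattern covers; senders honouring 'enforce' skip these."""
    return [h for h in mx_hosts if not any(mx_matches(h, p) for p in policy["mx"])]

SAMPLE_TXT = "v=STSv1; id=20240101T000000"
SAMPLE_POLICY = "version: STSv1\r\nmode: enforce\r\nmx: mx1.example.com\r\nmx: *.mail.example.com\r\nmax_age: 604800\r\n"
SAMPLE_MX = ["mx1.example.com.", "in.mail.example.com.", "backup.example.net."]

if __name__ == "__main__":
    print(parse_txt_record(SAMPLE_TXT), uncovered_mx(parse_policy(SAMPLE_POLICY), SAMPLE_MX))
```

An MX host that shows up in the uncovered list after a DNS change is the kind of drift that periodic validation is meant to catch before an enforced policy causes delivery failures.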
Hosted MTA-STS
URIports is here to make publishing an MTA-STS policy a breeze. By adding just two CNAME records to your domain's DNS, URIports will publish an RFC-compliant MTA-STS policy using the latest best practices and periodically validate your policy and email setup. It doesn't get any easier than this and upgrades your email security substantially.
FREE
Hosted MTA-STS is included at no extra charge in our Pebble Plus, Stone, Mountain, and Himalaya subscriptions.
Prerequisites
Before enforcing an MTA-STS policy, it is recommended to validate that your domain's email servers support TLS and have proper TLS certificates that match the MX hostnames. You can use our free validation tool to check if your domain is MTA-STS ready.