Hosted MTA-STS by URIports

SMTP MTA Strict Transport Security (MTA-STS) is a mechanism enabling mail service providers (SPs) to declare their ability to receive Transport Layer Security (TLS) secure SMTP connections and to specify whether sending SMTP servers should refuse to deliver to MX hosts that do not offer TLS with a trusted server certificate.

Secure communication

These days, most domains have properly secured email (MX) servers that support TLS. However, without DANE or MTA-STS, this communication security is opportunistic and vulnerable to MiTM downgrade attacks.

MTA-STS policy

Publishing an (enforced) MTA-STS policy declares that all inbound email communication should be secure and no emails should be delivered over an insecure connection.

Set up MTA-STS

Setting up an MTA-STS policy is pretty straightforward: publish a TXT DNS record, set up a secure web server for the mta-sts subdomain, and add an mta-sts.txt file containing your policy to that subdomain's .well-known folder.

While setting this up might take just an hour for a seasoned administrator, it also requires that web certificates are renewed on time and MX records are checked for updates and issues.

Hosted MTA-STS

URIports is here to make publishing an MTA-STS policy a breeze. By adding just two CNAME records to your domain's DNS, URIports will publish an RFC-compliant MTA-STS policy using the latest best practices and periodically validate your policy and email setup. It doesn't get any easier than this, and it upgrades your email security substantially.

💡 To activate Hosted MTA-STS, click on the user icon in the top right corner of your screen to access your account settings. From there, select the Hosted MTA-STS option under the "Account" section.

FREE

Hosted MTA-STS is included at no extra charge in our Pebble Plus, Stone, Mountain, and Himalaya subscriptions.

Prerequisites

Before enforcing an MTA-STS policy, it is recommended to validate that your domain's email servers support TLS and have proper TLS certificates that match the MX hostnames. You can use our free validation tool here to check if your domain is MTA-STS ready.