Enhancing Email Security: MTA-STS & TLS-RPT
Email has become a ubiquitous means of professional and personal communication. Because email is involved in almost every aspect of business operations – customer support, sales, marketing, vendor management, etc. – security and delivery have become fundamentally important. Several protocols have been developed to ensure that emails are delivered securely, including SPF, DKIM, and DMARC. Recently, two additional protocols, MTA-STS and TLS-RPT, have been introduced to provide additional security.
Enforcing TLS for Email Connections
Mail Transport Agent Strict Transport Security (MTA-STS) is a protocol that guarantees emails are sent securely using Transport Layer Security (TLS). First introduced in 2018, this protocol works by configuring a recipient email domain to require TLS with a valid certificate before connections from sending servers are accepted. This ensures that the connections between servers are encrypted and cannot be intercepted by attackers.
TLS Reporting and Compliance (TLS-RPT) is another protocol introduced in 2018 that allows detailed reports on TLS failures between email servers to be sent to a reporting email address. With TLS-RPT, a server admin can monitor for issues related to encryption between email servers and rectify any problems that would otherwise result in delivery failures. TLS-RPT is necessary when MTA-STS is configured, so that any TLS-related delivery issues are reported to the right team for remediation.
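To make the two mechanisms concrete, here is an added example (not code from the article) that parses a constructed MTA-STS DNS record, its policy file and a TLS-RPT record for example.com, then applies the RFC 8461 MX-matching rules to decide what a policy-aware sending server does for one MX host under enforce, testing and none modes. The hostnames, report address and policy contents are constructed sample values; the RFC 8460 result-type label chosen for an MX that is not listed in the policy is an assumption.

```python
# Constructed sample records for example.com (not taken from the article).
STS_TXT = "v=STSv1; id=20240101T000000Z"                       # _mta-sts.example.com TXT
TLSRPT_TXT = "v=TLSRPTv1; rua=mailto:tls-reports@example.com"  # _smtp._tls.example.com TXT
POLICY_TEXT = """version: STSv1
mode: enforce
mx: mail.example.com
mx: *.backup.example.net
max_age: 604800
"""  # body served at https://mta-sts.example.com/.well-known/mta-sts.txt

def parse_txt(record: str) -> dict:
    """Split a 'k=v; k=v' DNS TXT record (MTA-STS or TLS-RPT) into a dict."""
    pairs = (part.partition("=") for part in record.split(";"))
    return {k.strip(): v.strip() for k, _, v in pairs if k.strip()}

def parse_policy(text: str) -> dict:
    """Parse the mta-sts.txt body; 'mx' may repeat, so it is collected as a list."""
    policy = {"mx": []}
    for line in text.splitlines():
        key, _, value = (s.strip() for s in line.partition(":"))
        if key == "mx":
            policy["mx"].append(value.lower())
        elif key:
            policy[key] = value
    if policy.get("version") != "STSv1" or policy.get("mode") not in ("enforce", "testing", "none"):
        raise ValueError("invalid MTA-STS policy")  # a sender treats this as a policy failure
    return policy

def mx_matches(policy: dict, mx_host: str) -> bool:
    """RFC 8461 MX matching: a '*.' pattern covers exactly one leftmost label."""
    host = mx_host.lower().rstrip(".")
    for pattern in policy["mx"]:
        if pattern.startswith("*."):
            left, _, rest = host.partition(".")
            if left and rest == pattern[2:]:
                return True
        elif host == pattern:
            return True
    return False

def sender_decision(policy: dict, mx_host: str, starttls_ok: bool, cert_valid: bool) -> tuple:
    """One delivery attempt -> (deliver?, RFC 8460 result-type label to report, or None)."""
    checks = [(mx_matches(policy, mx_host), "validation-failure"),  # MX-not-listed label: assumed
              (starttls_ok, "starttls-not-supported"),
              (cert_valid, "certificate-not-trusted")]
    failure = next((label for ok, label in checks if not ok), None)
    if policy["mode"] == "none":   # policy switched off: behave as if none were published
        return True, None
    deliver = failure is None or policy["mode"] == "testing"  # enforce blocks, testing only reports
    return deliver, failure
```

The reported labels are what a TLS-RPT aggregate report would carry back to the address in the `rua` field, which is how the recipient learns of senders that could not satisfy the policy.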
Both MTA-STS and TLS-RPT are relatively new protocols, and not all email servers support them yet. However, they are becoming increasingly popular due to their effectiveness in enhancing email security. By implementing MTA-STS and TLS-RPT, organizations can further improve the reliability of their email systems and reduce the risk of email-related attacks.
Email Security Protocols
When combined with existing email security protocols such as SPF, DKIM, and DMARC, MTA-STS and TLS-RPT provide a comprehensive security solution for email. SPF (Sender Policy Framework) is a protocol that checks if an email server is authorized to send an email from a particular domain, while DKIM (DomainKeys Identified Mail) adds a digital signature to an email to verify its authenticity. DMARC (Domain-based Message Authentication, Reporting, and Conformance) builds upon these protocols and enables domain owners to specify how receivers should handle emails that fail authentication checks.
MTA-STS and TLS-RPT are important protocols that can enhance email security and deliverability by enforcing communication encryption and providing detailed reports on any TLS failures. MTA-STS and TLS-RPT are becoming increasingly popular – with 33% of the largest email providers adopting the protocols by the end of 2022. Unfortunately, fewer than 0.5% of the top 10k email senders had these protocols in place.
The email protocols SPF, DKIM, DMARC, MTA-STS, and TLS-RPT combined provide comprehensive security for email systems. By implementing these critical protocols, organizations improve the reliability of email delivery and the security of their email systems. While MTA-STS and TLS-RPT are relatively new, they continue to grow in popularity with businesses that are intent on protecting themselves and their customers from email-related attacks.