Introducing full MTA-STS for all customers, free of charge
2025-09-08 17:27Mail Transfer Agent - Strict Transport Security
Calport offers full integration and support for Mail Transfer Agent-Strict Transport Security (MTA-STS), a critical new standard for securing email delivery. This new feature will be available to all customers with our hosted email services, at no additional cost.
What is MTA-STS?
MTA-STS is an Internet standard designed to prevent man-in-the-middle (MITM) attacks and other email security vulnerabilities. In simple terms, it enforces a secure, encrypted connection (using TLS) between two mail servers.
While other email security protocols like SPF, DKIM, and DMARC focus on authenticating the sender, MTA-STS addresses a different, but equally important, vulnerability: the transport of the email itself. Traditionally, email servers may "fall back" to an unencrypted connection if a secure one cannot be established. This leaves the email and its contents vulnerable to interception and tampering.
By implementing MTA-STS, we are telling all other email providers (that also support the standard, such as Google, Microsoft, and Yahoo) that emails sent to your domain must use a secure connection. If a secure connection cannot be established, the email will not be delivered, preventing it from being sent in cleartext.
Key Benefits for Our Customers
- Enhanced Data Privacy: Protects the content of your emails from being intercepted or read by unauthorized parties during transit. This is particularly crucial for businesses handling sensitive customer data, confidential information, or financial communications.
- Protection Against Attacks: Defends against a range of sophisticated cyber threats, including SMTP downgrade attacks and DNS spoofing, which are used to trick mail servers into sending unencrypted email.
- Increased Trust and Reputation: Demonstrating a commitment to the highest security standards builds trust with your partners and clients, reassuring them that their communications with you are secure.
- Simple Implementation: We have made the process seamless. For many customers, MTA-STS will be automatically configured. For others, a simple DNS record update is all that's required. Our support team has created detailed guides to walk you through the process, and our customer support is available 24/7 to assist with any questions.
- Full Managed Solution: Calport will manage the complex technical requirements of MTA-STS, including hosting the required policy file, managing the SSL certificate for the
mta-stssubdomain, and ensuring the policy is always up-to-date and RFC-compliant.
Our engineering team has built a robust infrastructure to manage these requirements on your behalf. We will handle the hosting of the policy file and the management of the SSL certificate, so you don’t have to. We are also integrating support for SMTP TLS Reporting (TLS-RPT), which provides valuable reports on failed secure connections, allowing you to quickly identify and troubleshoot any potential issues.
We are committed to providing you with the most secure and reliable hosting environment. The addition of MTA-STS is another step in our ongoing effort to protect our customers and their data in an ever-evolving threat landscape.