MTA-STS Standard for More Secure Gmail
MTA-STS (SMTP MTA Strict Transport Security) is the latest internet standard for improving email security; it requires authentication checks and good encryption for email.
SMTP MTA Strict Transport Security (MTA-STS)
MTA-STS is a mechanism that allows mail service providers (SPs) to declare their ability to receive Transport Layer Security (TLS)-secured SMTP connections and to specify whether sending SMTP servers should refuse to deliver to MX hosts that do not offer TLS with a trusted server certificate.
Gmail will start enforcing this standard, in beta, for security purposes. This helps G Suite admins in the following ways:
1. Security health within the security center for G Suite will start including recommendations about MTA-STS policies for your domain.
2. G Suite admins can choose to set up MTA-STS policies and reporting for incoming mail in their DNS server. Now that Gmail enforces MTA-STS policies, setting them up will have more impact.
This feature helps both admins and end users.
MTA-STS is a new internet standard that increases email security by acting against pervasive monitoring of email and protecting against man-in-the-middle attacks.
As an admin, you can make email communication more secure by enabling MTA-STS policies, and you can also ask the organizations you frequently exchange mail with to set MTA-STS policies for their mail servers.
Usage and Implementation:
This feature is for G Suite admins, who can implement it at the domain level for email security. Once it is enabled and implemented, end users do not need to take any action; they benefit from it directly.
It will be very helpful and will add an extra pair of eyes on email security.
To get started with MTA-STS setup, first define the MTA-STS policies and then implement them.
Post Implementation Outcomes
While a significant increase in bounce backs is not anticipated, two aspects of the new standard could result in bounce backs:
1. TLS enforcement with certificate validation will prevent bad actors from intercepting emails in transit, just as HTTPS does for web traffic. If someone tries to intercept an email, Gmail's enforcement of MTA-STS means the message will now bounce back, preventing the interception.
2. Once the servers you send mail to have set policies, it is possible that their policies or their servers are misconfigured, which could result in non-delivery of emails; users will get a bounce-back email with details. So make sure MTA-STS is configured properly at the recipients' end as well.
MTA-STS security recommendations for your domain
You can validate it in the Admin console: navigate to Apps > G Suite > Settings for Gmail > Advanced settings.
There you will be able to validate your MTA-STS configuration.
Availability across G Suite editions
Previously it was available for Enterprise and G Suite Enterprise for Education customers only, but now it is available for all G Suite editions.
MTA-STS policies for your domain can be enabled at the domain level and will be OFF by default.
MTA-STS policy suggestions will be ON by default in the security center.
References for setup and more details:
G Suite admins can set policies for incoming mail through their DNS server.
G Suite admins can refer to the links given below to define and use MTA-STS standards and policies for their domain.