MTA-STS (Mail Transfer Agent Strict Transport Security)
A stricter, "certificate-based" encryption standard. DANE (using TLSA records in DNS) is a more advanced alternative to MTA-STS: it tells other servers the exact certificate they must use to connect, preventing sophisticated "man-in-the-middle" attacks.
Questions about MTA-STS (Mail Transfer Agent Strict Transport Security)
What is MTA-STS?
What is MTA-STS and how does it secure email in transit?
How does it differ from STARTTLS opportunistic encryption?
How does MTA-STS improve email security?
Does MTA-STS encrypt emails?
How does MTA-STS prevent downgrade attacks?
What are the components of MTA-STS (policy file, DNS record)?
How do I implement MTA-STS?
Which mailbox providers support MTA-STS checking?
What are the policy modes (enforce, testing, none)?
How is MTA-STS policy published and cached?
What are common MTA-STS setup issues?
Why is certificate expiration a problem?
What are limitations of MTA-STS deployment?