What is MTA-STS?

MTA STS, also known as Mail Transfer Agent Strict Transport Security, is a security standard defined in RFC 8461 that forces encrypted transport between mail servers. It ensures that when your server communicates with another server, the connection uses valid TLS encryption and a trusted certificate. It was designed as a pragmatic and scalable alternative to DANE which is the DNS based Authentication of Named Entities defined in RFC 6698 which provides similar protections but requires DNSSEC.

MTA STS applies specifically to SMTP conversations between mail transfer agents. It does not control how end users connect to their mailbox with webmail or IMAP.

It is the maritime rule that says every ship entering your harbor must arrive over safe waters using certified navigation equipment.