Google introduces MTA-STS and TLS Reporting support for Gmail

• The email service provider is the first to support these new standards which were developed in 2018.
• While MTA-STS enables Gmail to have authentication checks and encryption for emails sent with its domain, TLS Reporting can fetch information on external servers connected to the domain.

As a step to boost email security, Google’s popular email service Gmail comes with new Internet standards. MTA-Strict Transport Security (STS) and Transport Layer Security (TLS) Reporting are the two recent standards that were announced in Gmail. These standards further enhance the security provided by Simple Mail Transfer Protocol (SMTP) which is used by Gmail and other email service providers as well.

Worth noting

• With MTA-STS, external servers can now send messages to the domain only if the SMTP connection is authenticated with a valid public certificate and encrypted with TLS 1.2. Similarly, emails sent from the domain can only be received by external servers that have an MTA-STS policy.
• TLS Reporting can furnish daily reports from external mail servers those connected with the domain. These reports contain information on connection problems as well as security issues associated with the servers.
• Both these standards were launched in Beta on Wednesday, and are approved by Internet Engineering Task Force (IETF).

Why it matters?

The two new standards will be a formidable asset in tackling man-in-the-middle (MITM) attacks that are usually carried out on SMTP connections. With this implementation, Google aims to crack down on large scale attacks perpetrated on email servers.

In a Help Center post, Google stated that, “SMTP alone does not provide security, and many SMTP servers don’t have added security to prevent certain types of malicious attacks. For example, SMTP is vulnerable to man-in-the-middle attacks. Man-in-the-middle is an attack where communication between two servers is intercepted and possibly changed without detection. Using MTA-STS to increase security for mail server connections helps prevent these types of attacks.”