Upcoming Webinar
Cayosoft Shows How Forest Recovery Tech Addresses Survey Issues
Join this webinar and not only learn about what your peers are doing, but also learn about a new patent-pending modern approach to AD forest recovery from Cayosoft.
New episode!
The Scoop on Loop: The Latest Innovations Directly From Microsoft!
Darrell Webster speaks to Rebecca Keys, a Program Manager from the Microsoft Loop team.
Turn Data Protection into an MRR Growth Engine
Security for your customers, revenue for your MSP practice. Access key insights on how to scale your practice with SkyKick’s new eGuide.
MSP eGuide to Package, Sell and Deliver M365 Security Services
Based on input from our top-performing MSPs, SkyKick prepared the MSP Guide to help you navigate the security landscape.

Exchange Online Gets MTA-STS Support to Improve Email Security

Microsoft has announced new security capabilities for Exchange Online customers. The company has finally added support for SMTP MTA Strict Transport Security (MTA-STS) to its Exchange Online service that will use Transport Layer Security (TLS) encryption to secure emails and prevent man-in-the-middle or downgrade attacks.

As a reminder, Microsoft unveiled its plans to launch MTA-STS support Exchange Online back in September 2020. The MTA-STS standard allows users to enable TLS encryption for all outbound emails sent via Exchange Online, making it harder for attackers to intercept emails. It helps to solve the weaknesses of SMTP, such as expired TLS certificates, lack of support for secure protocols, issues with third-party certificates, and more.

“MTA-STS (RFC8461) helps thwart such attacks by providing a mechanism for setting domain policies that specify whether the receiving domain supports TLS and what to do when TLS can’t be negotiated, for example stop the transmission,” Microsoft’s Exchange team explained.

It is important to note that the new security feature is enabled by default for all Exchange Online customers worldwide. However, the Exchange team has provided some recommendations to help domain owners interested in adopting MTA-STS, and you can check out the official blog post for more details.

Exchange Online to get support for DANE for SMTP with DNSSEC

In addition to MTA-STS, Microsoft is also bringing support for DANE for SMTP with DNSSEC to the Exchange Online service, which should offer better protection than MTA-STS. DANE for SMTP is a popular security standard that uses TLS Authentication DNS records to provide a more secure method for mail transport. Moreover, DNSSEC leverages the public-key cryptography technique to sign the TLSA records in DNS digitally.

Microsoft plans to roll out DANE for SMTP and DNSSEC support in two phases to Exchange Online customers in the coming months. “The first phase, DANE and DNSSEC for outbound email (from Exchange Online to external destinations), is slowly being deployed between now and March 2022. We expect the second phase, support for inbound email, to start by the end of 2022,” the Exchange team noted.

by Rabia Noureen
Feb 4, 2022

Rabia comes from a solid IT background and has been writing professionally about Microsoft products and other technology for four years. Rabia has also written for OnMSFT.com as well as Windows Report. She is always up to date on the latest trends in...

How to Connect to Exchange Online Using PowerShell

Jun 9, 2023
Dec 05, 2023
How to Get Started With Exchange Online Archiving

Jun 16, 2023
Aug 11, 2023
Microsoft Says Chinese Hackers Compromised Exchange Email Accounts

Jul 13, 2023

Take our survey

PETRI NEWSLETTERS

Join Petri Insider

Create a free account today to participate in forum conversations, comment on posts and more.