Exchange Online Gets MTA-STS Support to Improve Email Security
Microsoft has announced new security capabilities for Exchange Online customers. The company has finally added support for SMTP MTA Strict Transport Security (MTA-STS) to its Exchange Online service that will use Transport Layer Security (TLS) encryption to secure emails and prevent man-in-the-middle or downgrade attacks.
As a reminder, Microsoft unveiled its plans to launch MTA-STS support Exchange Online back in September 2020. The MTA-STS standard allows users to enable TLS encryption for all outbound emails sent via Exchange Online, making it harder for attackers to intercept emails. It helps to solve the weaknesses of SMTP, such as expired TLS certificates, lack of support for secure protocols, issues with third-party certificates, and more.
“MTA-STS (RFC8461) helps thwart such attacks by providing a mechanism for setting domain policies that specify whether the receiving domain supports TLS and what to do when TLS can’t be negotiated, for example stop the transmission,” Microsoft’s Exchange team explained.
It is important to note that the new security feature is enabled by default for all Exchange Online customers worldwide. However, the Exchange team has provided some recommendations to help domain owners interested in adopting MTA-STS, and you can check out the official blog post for more details.
Exchange Online to get support for DANE for SMTP with DNSSEC
In addition to MTA-STS, Microsoft is also bringing support for DANE for SMTP with DNSSEC to the Exchange Online service, which should offer better protection than MTA-STS. DANE for SMTP is a popular security standard that uses TLS Authentication DNS records to provide a more secure method for mail transport. Moreover, DNSSEC leverages the public-key cryptography technique to sign the TLSA records in DNS digitally.
Microsoft plans to roll out DANE for SMTP and DNSSEC support in two phases to Exchange Online customers in the coming months. “The first phase, DANE and DNSSEC for outbound email (from Exchange Online to external destinations), is slowly being deployed between now and March 2022. We expect the second phase, support for inbound email, to start by the end of 2022,” the Exchange team noted.
More in Security
FireCompass Raises $7 Million to Improve its CART and ASM Capabilities
Feb 7, 2023 | Laurent Giret
Microsoft Purview Adds Adaptive Protection to Dynamically Mitigate Risks
Feb 7, 2023 | Rabia Noureen
Atlassian Releases Patches for Critical Authentication Vulnerability in Jira Software
Feb 6, 2023 | Rabia Noureen
What is Microsoft Sentinel and How Does It Protect Cloud and On-Premises Resources?
Feb 2, 2023 | Mustafa Toroman
Microsoft Warns About New Consent-Phishing Attacks Used to Steal Data
Feb 1, 2023 | Rabia Noureen
Microsoft Defender for Endpoint Adds Device Isolation Support for Linux Machines
Jan 31, 2023 | Rabia Noureen
Most popular on petri