Exchange Online Gets MTA-STS Support to Improve Email Security
Microsoft has announced new security capabilities for Exchange Online customers. The company has finally added support for SMTP MTA Strict Transport Security (MTA-STS) to its Exchange Online service that will use Transport Layer Security (TLS) encryption to secure emails and prevent man-in-the-middle or downgrade attacks.
As a reminder, Microsoft unveiled its plans to launch MTA-STS support Exchange Online back in September 2020. The MTA-STS standard allows users to enable TLS encryption for all outbound emails sent via Exchange Online, making it harder for attackers to intercept emails. It helps to solve the weaknesses of SMTP, such as expired TLS certificates, lack of support for secure protocols, issues with third-party certificates, and more.
“MTA-STS (RFC8461) helps thwart such attacks by providing a mechanism for setting domain policies that specify whether the receiving domain supports TLS and what to do when TLS can’t be negotiated, for example stop the transmission,” Microsoft’s Exchange team explained.
It is important to note that the new security feature is enabled by default for all Exchange Online customers worldwide. However, the Exchange team has provided some recommendations to help domain owners interested in adopting MTA-STS, and you can check out the official blog post for more details.
Exchange Online to get support for DANE for SMTP with DNSSEC
In addition to MTA-STS, Microsoft is also bringing support for DANE for SMTP with DNSSEC to the Exchange Online service, which should offer better protection than MTA-STS. DANE for SMTP is a popular security standard that uses TLS Authentication DNS records to provide a more secure method for mail transport. Moreover, DNSSEC leverages the public-key cryptography technique to sign the TLSA records in DNS digitally.
Microsoft plans to roll out DANE for SMTP and DNSSEC support in two phases to Exchange Online customers in the coming months. “The first phase, DANE and DNSSEC for outbound email (from Exchange Online to external destinations), is slowly being deployed between now and March 2022. We expect the second phase, support for inbound email, to start by the end of 2022,” the Exchange team noted.
More in Security
Microsoft Defender for Individuals Gets New Identity Theft Monitoring Capabilities
Oct 4, 2022 | Rabia Noureen
Petri Dish: Cybersecurity vs IT Security with Devolutions
Sep 28, 2022 | Russell Smith
Stop MFA Fatigue with Additional Context and Number Matching for Microsoft Authenticator
Sep 22, 2022 | Rabia Noureen
Researchers Warn About New Shikitega Malware Targeting Linux Endpoints and IoT Devices
Sep 12, 2022 | Rabia Noureen
LastPass Confirms Internal Source Code Compromised in Security Breach
Aug 26, 2022 | Rabia Noureen
Avast Gets New Ransomware Shield to Protect Small Businesses
Aug 24, 2022 | Rabia Noureen
Most popular on petri