Exchange Online Gets MTA-STS Support to Improve Email Security
Microsoft has announced new security capabilities for Exchange Online customers. The company has finally added support for SMTP MTA Strict Transport Security (MTA-STS) to its Exchange Online service that will use Transport Layer Security (TLS) encryption to secure emails and prevent man-in-the-middle or downgrade attacks.
As a reminder, Microsoft unveiled its plans to launch MTA-STS support Exchange Online back in September 2020. The MTA-STS standard allows users to enable TLS encryption for all outbound emails sent via Exchange Online, making it harder for attackers to intercept emails. It helps to solve the weaknesses of SMTP, such as expired TLS certificates, lack of support for secure protocols, issues with third-party certificates, and more.
“MTA-STS (RFC8461) helps thwart such attacks by providing a mechanism for setting domain policies that specify whether the receiving domain supports TLS and what to do when TLS can’t be negotiated, for example stop the transmission,” Microsoft’s Exchange team explained.
It is important to note that the new security feature is enabled by default for all Exchange Online customers worldwide. However, the Exchange team has provided some recommendations to help domain owners interested in adopting MTA-STS, and you can check out the official blog post for more details.
Exchange Online to get support for DANE for SMTP with DNSSEC
In addition to MTA-STS, Microsoft is also bringing support for DANE for SMTP with DNSSEC to the Exchange Online service, which should offer better protection than MTA-STS. DANE for SMTP is a popular security standard that uses TLS Authentication DNS records to provide a more secure method for mail transport. Moreover, DNSSEC leverages the public-key cryptography technique to sign the TLSA records in DNS digitally.
Microsoft plans to roll out DANE for SMTP and DNSSEC support in two phases to Exchange Online customers in the coming months. “The first phase, DANE and DNSSEC for outbound email (from Exchange Online to external destinations), is slowly being deployed between now and March 2022. We expect the second phase, support for inbound email, to start by the end of 2022,” the Exchange team noted.
More in Security
Microsoft Releases Patches to Address Azure FabricScape Flaw Affecting Linux Workloads
Jun 29, 2022 | Rabia Noureen
Microsoft Defender for Identity Can Now Detect Insecure Domain Configurations
Jun 27, 2022 | Rabia Noureen
CISA Warns Unpatched VMware Servers Remain Vulnerable to Log4Shell
Jun 24, 2022 | Rabia Noureen
QNAP Releases Patch to Fix PHP Security Flaw Affecting Select NAS Devices
Jun 23, 2022 | Rabia Noureen
Microsoft Unveils New Edge Secured-Core IoT Devices to Block Firmware Attacks
Jun 22, 2022 | Rabia Noureen
QNAP Warns NAS Users About New DeadBolt Ransomware Campaign
Jun 20, 2022 | Rabia Noureen
Most popular on petri