SMTP MTA Strict Transport Security (MTA-STS)
D. Margolis, M. Risher, B. Ramakrishnan, A. Brotman, J. Jones · 2018-09
Abstract
SMTP MTA Strict Transport Security (MTA-STS) is a mechanism enabling mail service providers to declare their ability to receive Transport Layer Security (TLS) secure SMTP connections and to specify whether sending SMTP servers should refuse to deliver to MX hosts that do not offer TLS with a trusted server certificate.
Why This RFC Matters
RFC 8461 addressed the longstanding weakness in SMTP's opportunistic TLS model, where an attacker performing a downgrade or MITM attack could strip TLS from email delivery without detection. MTA-STS allows domain owners to publish a policy (via a well-known HTTPS URL) declaring that all inbound SMTP connections must use TLS with a valid certificate, and sending MTAs that honor MTA-STS will refuse to deliver in plaintext. Combined with SMTP TLS Reporting (RFC 8460), MTA-STS gives email administrators visibility into delivery failures and active downgrade attempts, significantly strengthening the email security posture for domains that deploy it.