{"id":5459,"date":"2019-05-04T15:46:28","date_gmt":"2019-05-04T08:46:28","guid":{"rendered":"http:\/\/54.151.235.32\/?p=5459"},"modified":"2021-03-03T18:00:26","modified_gmt":"2021-03-03T11:00:26","slug":"google-announced-today-that-gmail-has-become-the-first-major-email-provider-to-support-two-new-security-standards-namely-mta-sts-and-tls-reporting","status":"publish","type":"post","link":"https:\/\/renovacloud.com\/en\/google-announced-today-that-gmail-has-become-the-first-major-email-provider-to-support-two-new-security-standards-namely-mta-sts-and-tls-reporting\/","title":{"rendered":"Gmail becomes first major email provider to support MTA-STS and TLS Reporting"},"content":{"rendered":"<p><b>Google announced today that Gmail Google has become the first major email provider to support two new security standards, namely MTA-STS and TLS Reporting.\u00a0<\/b><b>Both are extensions to the Simple Mail Transfer Protocol (SMTP), the protocol through which all emails are sent today.<\/b><\/p>\n<p><b>The purpose of MTA-STS and TLS Reporting is to help email providers establish cryptographically secure connections between each other, with the main goal of twarthing SMTP man-in-the-middle attacks.\u00a0<\/b><strong>SMTP man-in-the-middle attacks are a major problem for today&#8217;s email landscape, where rogue email server operators can intercept, read, and modify the contents of people&#8217;s emails.\u00a0The two new standards will prevent this by allowing legitimate email providers to create a secure channel for exchanging emails.<\/strong><\/p>\n<h4><strong>What&#8217;s MTS &#8211; STS\u00a0 and TLS reporting on<\/strong><b> major email provider?<\/b><\/h4>\n<p><span style=\"font-weight: 400;\">For example, SMTP MTA Strict Transport Security (MTA-STS) works by allowing email server admins to set up an MTA-STS policy on their server.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">This policy allows a legitimate provider to request that external email servers verify the security of a SMTP connections before sending any emails.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">Minimum requirements, such as forcing external email servers to authenticate with a valid public certificate encrypted with TLS 1.2 or higher, can be enforced, depending on preferences, ensuring that emails sent to a company&#8217;s server travel through an obligatory and properly encrypted channel &#8211;or they don&#8217;t arrive at all.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">In addition, the TLS Reporting SMTP extension sets up a reporting mechanism through which a legitimate email server can request daily reports from other email servers about the success or failure of emails that have been sent to the legitimate server&#8217;s domain.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">Both, when combined, will either prevent or help email server admins identify SMTP man-in-the-middle attacks against their email traffic.<\/span><\/p>\n<h4><b>Major Email Provider &#8211;\u00a0<\/b>Google, Microsoft, Yahoo Worked On Protocols For Years<\/h4>\n<p><span style=\"font-weight: 400;\">While Google was the first email provider to roll out MTA-STS and TLS Reporting today, others are expected to follow, with Microsoft, Comcast, and Yahoo in the driver&#8217;s seat, as all three worked with Google enginers to standardize the two SMTP security extensions at the Internet Engineering Task Force (IETF) &#8211;the organization that approves internet standards.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">And yes, both are IETF-approved standards already. MTA-STS is IETF standard RFC 8461, while SMTP TLS Reporting is RFC 8460.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">For now, Gmail servers are the only ones supporting these two new standards, which will become truly effective when other email providers join in and create a mesh of properly-encrypted connections between all <strong>email servers<\/strong> worldwide.<\/span><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Google announced today that Gmail Google has become the first major email provider to support two new security standards, namely MTA-STS and TLS Reporting.\u00a0Both are extensions to the Simple Mail Transfer Protocol (SMTP), the protocol through which all emails are sent today. The purpose of MTA-STS and TLS Reporting is to help email providers establish [&#8230;]\n","protected":false},"author":2,"featured_media":5464,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[8],"tags":[133,134,135],"class_list":["post-5459","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-data-and-analytics","tag-email-servers","tag-gmail-google","tag-major-email-provider"],"_links":{"self":[{"href":"https:\/\/renovacloud.com\/en\/wp-json\/wp\/v2\/posts\/5459","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/renovacloud.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/renovacloud.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/renovacloud.com\/en\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/renovacloud.com\/en\/wp-json\/wp\/v2\/comments?post=5459"}],"version-history":[{"count":0,"href":"https:\/\/renovacloud.com\/en\/wp-json\/wp\/v2\/posts\/5459\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/renovacloud.com\/en\/wp-json\/wp\/v2\/media\/5464"}],"wp:attachment":[{"href":"https:\/\/renovacloud.com\/en\/wp-json\/wp\/v2\/media?parent=5459"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/renovacloud.com\/en\/wp-json\/wp\/v2\/categories?post=5459"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/renovacloud.com\/en\/wp-json\/wp\/v2\/tags?post=5459"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}