Gmail now supports the MTA-STS and TLS Reporting security standards
In a first for a major email service, Google has announced that Gmail now supports the MTA-STS and TLS Reporting security standards.
The two standards help to avoid man-in-the-middle attacks, using encryption and authentication to add new layers of security. Google says that Gmail's MTA-STS adherence is now in beta, and the company hopes that by supporting the standard other providers with follow suit.
- How to schedule emails in Gmail
- Google now lets you use your Android phone as a 2SV security key
- Google closes down its AI ethics council just one week after its launch
From an end-user's point of view, support for these standards will mean and change very little; but for businesses and organizations that use G Suite, the enhanced security will be welcomed. In short, it means that it is now possible to check that an SMTP connection is properly secure before any emails are sent.
In a blog post about the launch of beta support for MTA-STS and TLS Reporting, Google says:
A MTA-STS policy for your domain means that you request external mail servers sending messages to your domain to verify the SMTP connection is authenticated with a valid public certificate and encrypted with TLS 1.2 or higher. This can be combined with TLS reporting, that means your domain can request daily reports from external mail servers with information about the success or failure of emails sent to your domain according to MTA-STS policy.
Google has more information about MTA-STS and TLS Reporting in a support document.