Suped

Does MTA-STS ensure email deliverability?

The short answer is no, MTA-STS does not directly ensure email deliverability. In fact, in some cases, it can prevent email delivery. It's a common point of confusion, so let's break it down. MTA-STS is primarily an email security standard, not a deliverability one. Its job is to make sure that when an email is sent, it travels across the internet through a secure, encrypted connection.

While security and deliverability are related, they aren't the same thing. Deliverability is about getting your email into the recipient's inbox, avoiding the spam folder or being blocked entirely. MTA-STS is focused on protecting the email from being snooped on or altered while it's in transit.


What is MTA-STS?

MTA-STS stands for Mail Transfer Agent Strict Transport Security. It’s a protocol that allows a domain to signal that it wants to receive emails only over a secure, encrypted connection using TLS (Transport Layer Security). Think of it as HTTPS for email transit.

Skysnag (www.skysnag.com) says: "MTA-STS is a policy enforcement mechanism that allows an email receiving domain to declare via DNS that it enforces STARTTLS for inbound email."

This mechanism is designed to combat man-in-the-middle (MITM) attacks, where an attacker could intercept an email, read it, or even change its contents. By enforcing an encrypted connection, MTA-STS ensures the message remains confidential and intact between mail servers.

How MTA-STS can affect deliverability

This is where the nuance comes in. MTA-STS can both help and hinder email delivery, depending on the configuration and the circumstances.

When MTA-STS prevents delivery

An MTA-STS policy can be set to enforce. When a domain has this policy, it tells sending mail servers: "Do not send me any email unless you can establish a secure, encrypted TLS connection." If the sending server is unable to create that secure connection for any reason, it is instructed not to deliver the email at all. The message will bounce.

Mailmodo (www.mailmodo.com) says: "With MTA-STS, servers can refuse to deliver the message to non-compliant servers, resulting in the email being bounced."

In this scenario, MTA-STS prioritizes security over deliverability. It's a deliberate choice to reject a potentially insecure email rather than risk it being intercepted.

When MTA-STS indirectly helps deliverability

On the other hand, successfully implementing security standards like MTA-STS signals to mailbox providers like Gmail and Outlook that you are a responsible, security-conscious sender. While they may not directly reward you with better inbox placement for having an MTA-STS policy, it contributes to an overall positive reputation. Strong security practices are part of a larger picture of good email hygiene that can indirectly support your deliverability efforts. As noted by YourDMARC, using secure connections can reduce the chances of email being rejected for security reasons.

MTA-STS vs. other email standards

It's crucial to distinguish MTA-STS from authentication protocols like SPF, DKIM, and DMARC, which are the true cornerstones of email deliverability.

Spiceworks Community (community.spiceworks.com) says: "Deliverability will be affected by bad SPF records, incorrect or missing DKIM, but not so much on the MTA-STS at this point, not all servers support it yet."

  • SPF, DKIM, and DMARC are about authentication. They answer the question: "Is this email really from who it says it's from?" This is fundamental to proving you are a legitimate sender and building the trust needed for good deliverability.
  • MTA-STS is about encryption. It answers the question: "Is the connection this email is traveling over secure?" It protects the message content during transit but doesn't verify the sender's identity.

The role of TLS-RPT in implementation

To avoid accidentally blocking legitimate emails, MTA-STS is usually implemented alongside TLS Reporting (TLS-RPT). TLS-RPT allows receiving domains to send reports back to the sender about connection failures.

DuoCircle (www.duocircle.com) says: "TLS reports are used for supporting the MTA-STS protocol, which ensures the encryption of emails before delivering them."

This allows domain owners to start with a testing policy, gather data on which connections are failing, fix any issues, and only then move to an enforce policy once they are confident it won't disrupt their email flow.

Conclusion

MTA-STS is a vital email security protocol that hardens your defenses against in-transit attacks. However, it is not a tool for improving email deliverability. Its purpose is to enforce encryption, which can sometimes lead to emails being deliberately rejected for security reasons.

For deliverability, your focus should remain squarely on proper authentication with SPF, DKIM, and a DMARC policy, along with maintaining a good sender reputation and sending high-quality, engaging content. MTA-STS is a complementary standard that protects your already-authenticated mail, adding another important layer to your overall email strategy.
