The short answer is yes, MTA-STS (Mail Transfer Agent Strict Transport Security) does protect against passive monitoring, but it does so indirectly. Its primary role is to prevent active attacks that would make passive monitoring possible.
To understand how, we first need to look at how email encryption works in transit and where its weaknesses lie.
When one mail server sends an email to another, it can do so over an encrypted connection. The process that initiates this encryption is called STARTTLS. When a sending server connects to a receiving server, it can issue the STARTTLS command to upgrade the connection from a plain-text one to a secure, encrypted one using TLS (Transport Layer Security).
This encryption is what directly protects the contents of your email from passive monitoring, also known as traffic sniffing or eavesdropping. If an attacker is listening in on the network traffic between the two servers, TLS encryption makes the data unreadable. As RSI Security notes, this provides a good baseline defense.
The problem is that STARTTLS is "opportunistic." The sending server will use it if the receiving server advertises it, but if it is not advertised, or if an attacker in the network path makes the sender believe it is not, the email is simply sent in plain text. This is where the vulnerability lies.
MTA-STS was created to solve this very problem. It allows a domain to publish a policy that tells sending servers they must use TLS encryption. An attacker can no longer simply strip the STARTTLS advertisement to force a downgrade to plain text. If a secure connection cannot be established according to the MTA-STS policy, the email will not be delivered.
This mechanism effectively closes the loophole that allows for downgrade attacks. By enforcing encryption, MTA-STS ensures the protection offered by STARTTLS is always used, thus indirectly protecting the email from being exposed to passive monitoring.
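To make the enforcement decision concrete, here is an added example (not code from the original answer or from any MTA) of how a sending server applies a fetched MTA-STS policy: it parses the policy file, checks that the MX host it connected to is one the policy lists, and refuses to fall back to plain text in enforce mode. The policy text is constructed for illustration; fetching the DNS TXT record and the policy over HTTPS is assumed to have already happened.

```python
# Added example: sender-side MTA-STS enforcement logic.
# Field names (version, mode, mx, max_age) follow RFC 8461; the policy
# body below is a constructed sample, not a real domain's policy.
SAMPLE_POLICY = """version: STSv1
mode: enforce
mx: mail.example.com
mx: *.backup.example.net
max_age: 604800
"""

def parse_policy(text):
    """Parse the key/value policy file into a dict; 'mx' may repeat."""
    policy = {"mx": []}
    for line in text.splitlines():
        if ":" not in line:
            continue  # blank or malformed line, ignored
        key, value = (part.strip() for part in line.split(":", 1))
        if key == "mx":
            policy["mx"].append(value)
        else:
            policy[key] = value
    if policy.get("version") != "STSv1" or policy.get("mode") not in ("enforce", "testing", "none"):
        raise ValueError("malformed MTA-STS policy")
    return policy

def mx_matches(policy, mx_host):
    """The MX host must equal a listed name or match a '*.' pattern (one label only)."""
    for pattern in policy["mx"]:
        if pattern.startswith("*."):
            suffix = pattern[1:]                      # ".backup.example.net"
            prefix = mx_host[:-len(suffix)] if mx_host.endswith(suffix) else ""
            if prefix and "." not in prefix:          # exactly one extra label
                return True
        elif mx_host == pattern:
            return True
    return False

def may_deliver(policy, mx_host, starttls_offered, cert_valid):
    """In enforce mode only a validated TLS session to a listed MX is acceptable."""
    secure = starttls_offered and cert_valid and mx_matches(policy, mx_host)
    if policy["mode"] == "enforce":
        return secure            # a stripped STARTTLS or bad certificate means no delivery
    return True                  # testing/none: deliver anyway (testing only reports failures)
```

In testing mode the same failures would be delivered and reported via TLS-RPT rather than blocked, which is why a domain should move to enforce once its reports are clean.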
It is important to remember that MTA-STS is not a silver bullet. It is part of a layered approach to email security. As noted in a Proton blog post, it primarily works against downgrade attacks. It does not protect against an attacker who has managed to obtain a valid TLS certificate for the domain, nor does it help if the receiving server has no support for TLS in the first place.
In summary, while STARTTLS provides the actual encryption that blocks passive sniffing, MTA-STS acts as a security policy that ensures encryption is always enforced. By preventing downgrade attacks, MTA-STS protects your emails from being sent in the clear, which is a crucial step in defending against passive monitoring.