Google Mail with MTA-STS


Gmail is the first major provider to support the new standards SMTP MTA Strict Transport Security (MTA-STS, RFC 8461) and SMTP TLS Reporting (TLS-RPT, RFC 8460).

All email providers use SMTP (Simple Mail Transfer Protocol) to send and receive email. Plain SMTP has no built-in protection against attacks such as man-in-the-middle attacks. Using MTA-STS to secure mail server connections helps prevent these types of attacks.

MTA-STS is a mechanism enabling mail service providers to declare their ability to receive Transport Layer Security (TLS) secure SMTP connections and to specify whether sending SMTP servers should refuse to deliver to the MX hosts that do not offer TLS with a trusted server certificate.

The MTA-STS TXT record is a TXT record with the name '_mta-sts' at the Policy Domain. For the domain 'example.com', this record would be '_mta-sts.example.com'.

An example TXT record looks like this:

_mta-sts.example.com. IN TXT 'v=STSv1; id=20160831085700Z;'

The 'id' is used to track policy updates: a sending server compares it with the id of the policy it has already cached to determine whether the policy has been updated.
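As an added example (not code from the original post or from Gmail), the following Python parses a '_mta-sts' TXT record value, applies the RFC 8461 rule that exactly one record beginning with 'v=STSv1;' must remain after discarding others, and uses the 'id' to decide whether a cached policy has to be refetched. The record values are constructed samples.

```python
import re
from typing import Dict, List, Optional

# RFC 8461 section 3.1: the id is 1 to 32 alphanumeric characters.
_ID_RE = re.compile(r"^[A-Za-z0-9]{1,32}$")


def parse_mta_sts_record(txt: str) -> Optional[Dict[str, str]]:
    """Parse one '_mta-sts' TXT record value into {'v': ..., 'id': ...}.

    Returns None when the record is invalid: it must begin with
    'v=STSv1;', every field must be 'key=value', a key may not repeat,
    and 'id' must match the allowed syntax. Unknown keys are ignored.
    """
    if not txt.startswith("v=STSv1;"):
        return None
    fields: Dict[str, str] = {}
    for part in txt.split(";"):
        part = part.strip()
        if not part:
            continue  # a trailing ';' is allowed
        if "=" not in part:
            return None
        key, value = (s.strip() for s in part.split("=", 1))
        if key in fields:
            return None
        fields[key] = value
    sts_id = fields.get("id")
    if sts_id is None or not _ID_RE.match(sts_id):
        return None
    return {"v": "STSv1", "id": sts_id}


def select_record(txt_records: List[str]) -> Optional[Dict[str, str]]:
    """Resolver rule: drop records not starting with 'v=STSv1;'; exactly
    one must remain and it must parse, otherwise treat as no policy."""
    candidates = [r for r in txt_records if r.startswith("v=STSv1;")]
    if len(candidates) != 1:
        return None
    return parse_mta_sts_record(candidates[0])


def policy_needs_refresh(cached_id: Optional[str], txt_records: List[str]) -> bool:
    """True when the DNS id differs from the cached policy's id (or nothing
    is cached). With no valid record the sender keeps its cached policy
    until it expires, so there is nothing new to fetch."""
    rec = select_record(txt_records)
    if rec is None:
        return False
    return cached_id != rec["id"]
```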