Office 365 brings a major improvement in email security that makes man-in-the-middle attacks far more difficult to execute. Microsoft has introduced a new security layer to its Office 365 email service in order to protect the integrity of messages leaving and arriving at the system.
The company says the new protection, SMTP MTA Strict Transport Security (MTA-STS), which it first announced in H2 2020, addresses problems such as expired TLS certificates, third-party certificate problems, and unsupported TLS versions: instead of silently falling back to a weaker or unauthenticated connection, a sender that honours an enforce-mode MTA-STS policy refuses to deliver over such a connection.
Microsoft stated in an announcement: “We have been validating our implementation and are now pleased to announce support for MTA-STS for all outgoing messages from Exchange Online.”
Office 365 email security update
In practice, this means that any email sent from Exchange Online to a domain that publishes an MTA-STS policy will only be delivered over a connection that is both authenticated and encrypted; domains without a policy still receive mail with opportunistic TLS as before.
For domains that do publish an enforce-mode policy, downgrade and man-in-the-middle attacks should be impossible, or at least extremely difficult, to carry out.
“Downgrade attacks are possible where the STARTTLS response can be deleted, thus rendering the message in cleartext. Man-in-the-middle (MITM) attacks are also possible, whereby the message can be rerouted to an attacker’s server,” the announcement added.
“MTA-STS (RFC8461) helps thwart such attacks by providing a mechanism for setting domain policies that specify whether the receiving domain supports TLS and what to do when TLS can’t be negotiated, for example stop the transmission.”
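The two building blocks of the mechanism quoted above are a DNS TXT record at `_mta-sts.<domain>` that advertises a policy id, and a policy file served over HTTPS at `https://mta-sts.<domain>/.well-known/mta-sts.txt` that lists the permitted MX hosts and the mode (`enforce`, `testing` or `none`). The following Python is an added worked example, not Microsoft's code and not part of the original article: it parses both artefacts and then makes the sending-side decision for the two attacks the announcement names (STARTTLS stripped, and mail rerouted to an MX host the policy does not list). The DNS lookup and HTTPS fetch are replaced by constructed inline strings so the example runs offline; a real fetch must use HTTPS with a certificate valid for `mta-sts.<domain>`, and the domain name `example.com`, the hostnames and the policy id are assumptions.

```python
"""MTA-STS (RFC 8461) policy parsing and sending-side delivery decision.

Added worked example; the sample TXT record and policy below are constructed
for illustration and are not real records of any domain.
"""
from dataclasses import dataclass

# Constructed sample _mta-sts.example.com TXT record (assumed, not real).
SAMPLE_TXT_RECORD = "v=STSv1; id=20220315T120000;"

# Constructed sample policy as it would be fetched from
# https://mta-sts.example.com/.well-known/mta-sts.txt (assumed, not real).
SAMPLE_POLICY = """version: STSv1
mode: enforce
mx: mail.example.com
mx: *.backup-mx.example.net
max_age: 604800
"""


@dataclass
class StsPolicy:
    mode: str            # "enforce", "testing" or "none"
    mx_patterns: list    # lowercase MX hostnames, optionally with a leading "*."
    max_age: int         # seconds the sender may cache this policy


def parse_txt_record(txt):
    """Return the policy id from a _mta-sts TXT record, or None if it is not valid."""
    fields = {}
    for part in txt.split(";"):
        part = part.strip()
        if part:
            key, _, value = part.partition("=")
            fields[key.strip()] = value.strip()
    if fields.get("v") != "STSv1" or not fields.get("id"):
        return None
    return fields["id"]


def parse_policy(text):
    """Parse the key: value policy file; unknown keys are ignored (RFC 8461 section 3.2)."""
    version, mode, max_age, mxs = None, None, None, []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        key, sep, value = line.partition(":")
        if not sep:
            raise ValueError(f"malformed policy line: {line!r}")
        key, value = key.strip(), value.strip()
        if key == "version":
            version = value
        elif key == "mode":
            mode = value
        elif key == "mx":
            mxs.append(value.lower())
        elif key == "max_age":
            max_age = int(value)
    if version != "STSv1" or mode not in ("enforce", "testing", "none") or not mxs or max_age is None:
        raise ValueError("policy is missing a required field")
    return StsPolicy(mode, mxs, max_age)


def mx_matches(hostname, pattern):
    """RFC 8461 section 4.1: a leading '*.' matches exactly one leading label."""
    hostname = hostname.lower().rstrip(".")
    if pattern.startswith("*."):
        suffix = pattern[1:]                      # ".backup-mx.example.net"
        prefix = hostname[:-len(suffix)]
        return hostname.endswith(suffix) and bool(prefix) and "." not in prefix
    return hostname == pattern


def delivery_decision(policy, mx_host, starttls_offered, cert_valid_for_host):
    """Decide what the sender does with one candidate MX under the policy.

    Returns (action, problems). Actions: 'deliver'; 'skip_mx' (enforce mode: never
    fall back to cleartext, try another MX or defer); 'deliver_and_report'
    (testing mode: deliver as if no policy existed but flag the failure).
    """
    problems = []
    if not any(mx_matches(mx_host, p) for p in policy.mx_patterns):
        problems.append("mx-mismatch")            # rerouted to an unlisted server
    if not starttls_offered:
        problems.append("starttls-not-offered")   # the downgrade attack shape
    elif not cert_valid_for_host:
        problems.append("certificate-not-trusted")
    if not problems:
        return ("deliver", [])
    if policy.mode == "enforce":
        return ("skip_mx", problems)
    if policy.mode == "testing":
        return ("deliver_and_report", problems)
    return ("deliver", problems)                  # mode none: opportunistic TLS only


def choose_mx(policy, candidates):
    """Walk the MX list in preference order; None means defer rather than send in clear.

    candidates: list of (hostname, starttls_offered, cert_valid_for_host) tuples.
    """
    for host, starttls, cert_ok in candidates:
        action, _ = delivery_decision(policy, host, starttls, cert_ok)
        if action != "skip_mx":
            return host
    return None


if __name__ == "__main__":
    policy = parse_policy(SAMPLE_POLICY)
    print("policy id:", parse_txt_record(SAMPLE_TXT_RECORD), "mode:", policy.mode)
    print(delivery_decision(policy, "mail.example.com", False, True))
    print(choose_mx(policy, [("mail.example.com", False, True), ("mx1.backup-mx.example.net", True, True)]))
```

Note that the policy file itself is only trusted because it was fetched over HTTPS with a valid web-PKI certificate; the TXT record carries no integrity protection of its own, it merely tells the sender a policy exists and when its id changes. That reliance on the web PKI is the gap the DANE rollout described later in the article closes.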
Those interested in learning more about MTA-STS should visit this page, where Microsoft discusses the procedure in detail.
The company is continuing to improve the security of Office 365 email. In the coming months it will roll out DANE for SMTP (DNS-based Authentication of Named Entities), which is intended to give stronger protection than MTA-STS: it publishes the MX host's certificate or public-key fingerprint in a DNSSEC-signed TLSA record, so the sender does not have to rely on the web PKI or on a policy fetched over HTTPS.
“We will deploy support for DANE for SMTP and DNSSEC in two phases. The first phase, DANE and DNSSEC for outbound email (from Exchange Online to external destinations), is slowly being deployed between now and March 2022. We expect the second phase, support for inbound email, to start by the end of 2022,” said the Exchange team, as cited by BleepingComputer.
“We’ve been working on support for both MTA-STS and DANE for SMTP. At the very least, we encourage customers to secure their domains with MTA-STS,” Microsoft added.
“You can use both standards on the same domain at the same time, so customers are free to use both when Exchange Online offers inbound protection using DANE for SMTP by the end of 2022. By supporting both standards, you can account for senders who may support only one method.”