MTA-STS & TLS Tools

Ensure email connections to your domain are encrypted with MTA-STS (Mail Transfer Agent Strict Transport Security) and monitor TLS reporting.

MTA-STS Checker

Navigate to Tools → MTA-STS & TLS → MTA-STS Checker. Validates:

  • DNS record at _mta-sts.yourdomain.com
  • Policy file at https://mta-sts.yourdomain.com/.well-known/mta-sts.txt
  • Policy mode (enforce, testing, none)
  • Certificate validity on the policy hosting domain

MTA-STS Generator

Create the DNS record and policy file:

  1. Enter your domain and mail servers (MX hosts)
  2. Choose a policy mode (start with testing, then move to enforce)
  3. Set the policy max age (recommended: 604800 seconds / 1 week)
  4. Copy the generated DNS TXT record and policy file content

What You'll Need to Publish

DNS TXT record at _mta-sts.yourdomain.com:

v=STSv1; id=20260418;

Policy file at https://mta-sts.yourdomain.com/.well-known/mta-sts.txt:

version: STSv1
mode: enforce
mx: mail.yourdomain.com
max_age: 604800

TLS-RPT Checker

Verify your TLS-RPT reporting configuration by checking the DNS record at _smtp._tls.yourdomain.com.

Your domain is being tested right now.
Are you watching?

Protect your brand and improve deliverability — automatically, with continuous monitoring and alerts.

Start Free — No Credit Card View Pricing →