MTA-STS Checker
Check if your MTA-STS (SMTP MTA Strict Transport Security) policy is configured correctly
About MTA-STS
MTA-STS (SMTP MTA Strict Transport Security) is a security standard that enables mail service providers to declare their ability to receive Transport Layer Security (TLS) secure SMTP connections, and to specify whether sending SMTP servers should refuse to deliver to MX hosts that do not offer TLS with a trusted server certificate.
How MTA-STS Works
- Sending mail server checks for MTA-STS DNS record at _mta-sts.yourdomain.com
- If record exists, fetches policy file from https://mta-sts.yourdomain.com/.well-known/mta-sts.txt
- Policy specifies which MX hosts support TLS and the enforcement mode
- Sending server enforces TLS when delivering email based on policy
Policy Modes
- testing
- Monitor mode - emails are delivered but failures are reported
- enforce
- Strict mode - emails must use TLS or delivery fails
- none
- Disabled - MTA-STS is not active
Recommendation: Start with mode "testing" to monitor compatibility, then move to "enforce" for maximum security.
Related Tools
Monitor MTA-STS Policy Health
Get real-time monitoring of your MTA-STS policy and TLS-RPT configuration. Receive alerts for policy issues and delivery failures.
No credit card required • Free monitoring for 14 days • Setup in 5 minutes