MTA-STS Generator
Create your MTA-STS policy and DNS record in seconds. Secure your email transport with TLS.
Your MTA-STS Configuration is Ready!
Copy and add to your DNS settings
Record Type
TXT
Hostname
_mta-sts.example.com
Value
v=STSv1; id=20240101T000000
Policy File Location
https://mta-sts.example.com/.well-known/mta-sts.txt
Content
version: STSv1 mode: testing mx: mail.example.com max_age: 86400
Setup Instructions
- Add the DNS TXT record to your domain's DNS settings
- Create the policy file and host it at the specified URL
- Ensure the policy file is served over HTTPS with a valid SSL certificate
- Wait for DNS propagation (can take up to 48 hours)
- Test your MTA-STS configuration with our checker tool
Test Before Enforcing
Start with testing mode for 1-2 weeks to ensure all your mail servers support TLS properly. Enforce mode will reject emails from servers that don't support TLS.
Understanding MTA-STS
What is MTA-STS?
MTA-STS (SMTP MTA Strict Transport Security) enables mail service providers to declare their ability to receive TLS-secured SMTP connections and to specify whether sending servers should refuse to deliver emails to MX hosts that don't offer TLS with a trusted certificate.
Policy Modes
testing (Monitor Mode)
Emails are delivered but TLS failures are reported. Perfect for initial setup. Start here!
enforce (Strict Mode)
Emails must be delivered over TLS or they will be rejected. Maximum security after testing period.
none (Disabled)
MTA-STS is disabled. Use this to temporarily disable the policy.
💡 Recommended Implementation Path
- Week 1-2: Start with mode=testing to monitor TLS support
- Review logs: Ensure all email delivery is working correctly
- Week 3+: Move to mode=enforce for maximum security
- Update ID: Change the ID in DNS record whenever you update the policy
Related Tools
Automate MTA-STS Management
Monitor your MTA-STS policy 24/7, get alerts for configuration issues, and ensure encrypted email delivery with automatic validation.
No credit card required • Free monitoring for 14 days • Setup in 5 minutes