🔒 MTA-STS Checker

Verify the MTA-STS (Mail Transfer Agent Strict Transport Security) configuration for any domain. Checks both the DNS record and the policy file.

What is MTA-STS?

MTA-STS (Mail Transfer Agent Strict Transport Security) is a security standard that enables mail servers to declare their ability to receive TLS-secured connections. It helps prevent man-in-the-middle attacks and downgrade attacks on email delivery.

How MTA-STS Works

  • DNS Record: A TXT record at _mta-sts.domain.com signals that MTA-STS is enabled
  • Policy File: A file hosted at https://mta-sts.domain.com/.well-known/mta-sts.txt defines the policy
  • Modes: enforce (required), testing (monitor), or none (disabled)

Policy Modes

  • none — No TLS requirement (effectively disabled)
  • testing — TLS is preferred; failures are reported via TLS-RPT, but mail is still delivered
  • enforce — TLS is required; connections without TLS are rejected