MTA-STS Checker

MTA-STS enforces TLS for inbound email delivery and reduces downgrade attacks.

Result for galaxyno-casino.bet

Not Found

FAQ

What does MTA-STS protect against?
It reduces downgrade and MITM risks by enforcing TLS for inbound email delivery.
Is DNS record enough for MTA-STS?
No, you also need a policy file on https://mta-sts.<domain>/.well-known/mta-sts.txt.
How often is MTA-STS checked?
Receiving servers cache policy and refresh periodically depending on their implementation.
Do I need TLS-RPT as well?
It is recommended - TLS-RPT gives reports about TLS delivery problems.
Why is it still not enforced?
Policy mode and MX configuration must match; DNS and HTTPS endpoints must be reachable.

What is MTA-STS?

MTA-STS is a standard that lets domain owners publish a policy that mail servers should use TLS when delivering mail to your domain.

DNS Example

v=STSv1; id=20240101000000Z

Common mistakes

  • Publishing DNS record but missing the HTTPS policy file.
  • Policy file not served over HTTPS or has invalid content.
  • MX hosts not matching policy mode/enforcement.

Related pages

More Email Tools