MTA-STS Checker
Enter a domain to check if MTA-STS is enabled. Validate the DNS TXT record and the HTTPS-hosted policy file.
What is MTA-STS?
MTA-STS (Mail Transfer Agent Strict Transport Security) is a mechanism that allows mail service providers to declare their ability to receive TLS-secured connections. It prevents downgrade attacks and ensures email is transmitted over encrypted connections.
How MTA-STS Works
MTA-STS requires two components:
1. DNS TXT Record
Published at
v=STSv1; id=20240101T000000
2. HTTPS Policy File
Hosted at
version: STSv1
mode: enforce
mx: mail.example.com
max_age: 604800
MTA-STS Policy Modes
mode: enforce - Sending servers must use TLS. Email is not delivered if TLS fails.
mode: testing - Failures are reported via TLS-RPT, but email is still delivered.
mode: none - MTA-STS is disabled. Equivalent to not having a policy.
Why Enable MTA-STS?
Without MTA-STS, email between servers can be transmitted in plaintext if an attacker performs a TLS downgrade attack. MTA-STS ensures that sending servers verify TLS certificates and refuse to deliver over unencrypted connections.
It is especially important for organizations handling sensitive communications — healthcare, finance, legal, and government sectors.