MTA-STS Lookup Tool

Check Mail Transfer Agent Strict Transport Security records

MTA-STS (Mail Transfer Agent Strict Transport Security) enables mail service providers to declare their ability to receive TLS-secured connections and to specify whether sending SMTP servers should refuse to deliver to MX hosts that do not offer TLS with a trusted server certificate.

Domain Lookup

Enter a domain name to check its MTA-STS DNS records and policy configuration

Try examples:

Ready to Check MTA-STS Records

Enter a domain name above to check its MTA-STS DNS records and policy configuration.

What is MTA-STS?

MTA-STS (Mail Transfer Agent Strict Transport Security) is an email security standard that enables mail service providers to declare their ability to receive TLS-secured connections and to specify whether sending SMTP servers should refuse to deliver to MX hosts that do not offer TLS with a trusted server certificate.

Key Components:

DNS TXT Record: Published at _mta-sts.domain.com to advertise MTA-STS support
Policy File: Hosted at https://mta-sts.domain.com/.well-known/mta-sts.txt
Mode: Can be "enforce", "testing", or "none"
Max Age: How long the policy should be cached

How MTA-STS Works:

Sending mail server checks for _mta-sts.domain.com TXT record
If found, fetches the policy file from https://mta-sts.domain.com/.well-known/mta-sts.txt
Validates that the receiving MX servers support TLS and have valid certificates
Enforces the policy based on the specified mode