MTA-STS Record Checker

Ensure emails are encrypted in transit – validate your MTA-STS policy instantly and fix configuration issues in seconds.

Real-time MTA-STS Checker
Please enter a valid domain name, without http:// prefix

Don’t have an MTA-STS record?

Create one now

How to use the MTA-STS Record Checker

Step 1: Enter your domain

Type in your domain name

Step 2: Click Run MTA-STS Check

Sit back and let our tool query your DNS to fetch your MTA-STS policy file.

Step 3: Review Results

Read the summary, dig into detailed findings, and review suggested fixes.

Step 4: Fix & Recheck

Apply recommended changes, then rerun the check until status = Valid.

What is MTA-STS?

MTA-STS (Mail Transfer Agent Strict Transport Security) is an email security protocol that ensures emails are transmitted securely over encrypted (TLS) connections between mail servers. It helps prevent attackers from intercepting or tampering with messages during transit.

Why MTA-STS matters

  • Prevents downgrade attacks & man-in-the-middle (MITM)

  • Ensures safe mail transport and helps with compliance

How PowerDMARC helps

Ensure-Compliance

Hosted MTA-STS

We help you host and manage your TLS certificates and MTA-STS policy web server, so you save time and effort!

Monitoring & Alerts

You get real-time alerts if validation fails!

Instant Analysis

One dashboard for DMARC, TLS-RPT, and MTA-STS health checks.

Get Started with Hosted MTA-STS

Make Your Email Communications Airtight!

Validate your MTA-STS record Speak to an Expert

Frequently Asked Questions

While MTA-STS mainly focuses on email security, it can also positively impact deliverability by ensuring that your domain is trusted and capable of secure communication. Mail servers that prefer secure connections are more likely to deliver messages reliably when MTA-STS is in place.

Your MTA-STS policy file should be hosted at this URL: https://mta-sts.yourdomain.com/.well-known/mta-sts.txt

It must be accessible via HTTPS with a valid SSL/TLS certificate.

 

Once you update your MTA-STS policy, changes typically take effect after the max-age period defined in your policy file expires.

Testing: This means that the MTA-STS policy is active but not strictly enforced. In this scenario, mail servers will report issues without rejecting emails.

Enforce: This means that the MTA-STS policy is fully active and requires all incoming mail to use a secure TLS connection to land in your inbox. Unencrypted emails will be rejected.

Perform an MTA-STS check for your domain’s record with our free MTA-STS record checker tool today!

Validate Your BIMI Record Now Speak to an Expert