🔒

MTA-STS Checker

MTA-STS (Mail Transfer Agent Strict Transport Security) tells sending mail servers that your domain requires encrypted TLS connections. Without it, attackers can potentially downgrade connections and intercept email in transit. Enter a domain to verify your MTA-STS policy is correctly published and reachable.

What does this check?

Whether an MTA-STS DNS TXT record exists at _mta-sts.[domain]
Reachability of the policy file at https://mta-sts.[domain]/.well-known/mta-sts.txt
Policy mode: none, testing, or enforce
Listed MX hostnames and whether they match your actual MX records
Policy max-age and whether it provides adequate protection