How it works · MTA-STS

MTA-STS - encryption you can enforce

MTA-STS lets your domain insist that other mail servers connect to you over encryption - closing a gap that attackers can otherwise use to quietly intercept inbound mail.

What it is

MTA-STS (Mail Transfer Agent Strict Transport Security) is a policy you publish that tells other mail servers: "only deliver to me over a verified, encrypted connection." It removes the silent fallback to plain-text delivery that email otherwise allows.

Why it matters

Where SPF, DKIM and DMARC protect mail sent as you, MTA-STS protects mail sent to you. Without it, an attacker positioned in the network can downgrade the connection and read or alter inbound messages.

What "good" looks like

A policy that is published and served correctly, moved from testing mode to enforce mode once you're confident, and paired with TLS reporting so you can see any delivery problems before they bite. The fiddly part is hosting and maintaining the policy correctly over time - something we handle and monitor.
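As an added illustration (not DMARCER's own code), the Python sketch below audits a policy body against the RFC 8461 policy file format: required fields, the testing versus enforce mode, the max_age limit, and MX wildcard matching. The function names, `SAMPLE_POLICY` and the example.com hosts are assumptions constructed for this example.

```python
# Added example: audits an MTA-STS policy body against the RFC 8461 rules.
# SAMPLE_POLICY and the example.com hosts are constructed, not from the page.
MAX_AGE_LIMIT = 31557600  # RFC 8461 upper bound for max_age (about one year)

SAMPLE_POLICY = ("version: STSv1\r\nmode: testing\r\nmx: mail.example.com\r\n"
                 "mx: *.mx.example.com\r\nmax_age: 604800\r\n")

def parse_policy(text):
    """Return (fields, mx_patterns) from the key: value lines of a policy."""
    fields, mx = {}, []
    for line in text.splitlines():
        if ":" not in line:
            continue
        key, value = (part.strip() for part in line.split(":", 1))
        if key == "mx":
            mx.append(value.lower())  # mx is the only repeatable field
        else:
            fields.setdefault(key, value)  # duplicates: first occurrence wins
    return fields, mx

def mx_allowed(host, patterns):
    """A '*.' pattern matches exactly one left-most label, nothing deeper."""
    host = host.lower().rstrip(".")
    for pattern in patterns:
        if pattern.startswith("*."):
            _, _, parent = host.partition(".")
            if parent == pattern[2:]:
                return True
        elif host == pattern:
            return True
    return False

def audit_policy(text):
    """List the problems that keep a policy from being 'good'."""
    fields, mx = parse_policy(text)
    mode, age = fields.get("mode"), fields.get("max_age", "")
    findings = []
    if fields.get("version") != "STSv1":
        findings.append("version must be STSv1")
    if mode not in ("enforce", "testing", "none"):
        findings.append("mode must be enforce, testing or none")
    elif mode != "enforce":
        findings.append("mode is %s: senders still deliver if TLS validation fails" % mode)
    if not (age.isascii() and age.isdigit() and int(age) <= MAX_AGE_LIMIT):
        findings.append("max_age must be an integer up to %d" % MAX_AGE_LIMIT)
    if mode != "none" and not mx:
        findings.append("at least one mx pattern is required")
    return findings
```

An empty list from `audit_policy` means the policy body is well-formed and in enforce mode; it does not check how the file is served or the DNS records that accompany it.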


See where your MTA-STS stands

DMARCER hosts, checks and monitors your MTA-STS policy so inbound mail stays encrypted.
