DMARCER
Sign in Get started
Free tool

MTA-STS checker & generator

Check an existing MTA-STS record, or build a new record and policy file - which forces inbound mail to be delivered over TLS.

Check your record

Enter a domain to see whether it publishes the MTA-STS DNS record.

Build a record

Generate the MTA-STS DNS record and the policy file. Start in testing mode, then move to enforce.

1. DNS TXT record at _mta-sts.yourdomain.com


            
2. Policy file at https://mta-sts.yourdomain.com/.well-known/mta-sts.txt

            

            
        

    


    

    

        
What this tells you

        
MTA-STS tells sending servers to deliver your inbound mail only over a valid TLS connection – closing off downgrade and interception attacks. This tool checks the DNS record at _mta-sts.yourdomain.com. A full setup also needs a policy file hosted on HTTPS with a valid certificate – which hosted MTA-STS manages for you. Run a full check for the complete picture.

    

    

    

        
What is MTA-STS? →
The basics, in plain English.

        
Hosted MTA-STS →
Policy & certificate, managed for you.

        
TLS-RPT checker →
Check the reporting that goes with it.

    

    







        

    

        

            

                

                     Free domain check
                    
Check your domain security

                    
See how your domain's security compares to your competitors.