What is
MTA-STS?
MTA-STS enforces secure TLS connections for email transmission, preventing man-in-the-middle attacks on email delivery.
Why it
matters.
MTA-STS prevents attackers from intercepting emails in transit by forcing encrypted connections. Critical for protecting business email communications.
What can
go wrong.
If MTA-STS is not configured: email transmission can be intercepted, attackers can downgrade to unencrypted connections, and sensitive business communications are at risk.
Technical
details.
MTA-STS requires: 1) _mta-sts.domain.com TXT record with "v=STSv1", 2) Policy file at https://mta-sts.domain.com/.well-known/mta-sts.txt with "mode: enforce", 3) Valid SSL certificate. Mode "enforce" means strict enforcement, "testing" is monitoring only.
Check your domain’s
MTA-STS policy.
Run a free security check to see how your domain scores across all sixteen checks, including MTA-STS validation.