Skip to main content
SecScannerSecScanner
Security ChecksFree ToolsPricingBlog
Get Started
Sign InGet Started
All Security Checks
DNSMedium PriorityPro

MTA-STS Policy

MTA-STS (Mail Transfer Agent Strict Transport Security) enforces TLS encryption for emails sent to your domain, preventing SMTP downgrade attacks.

Why It Matters

Without MTA-STS, email in transit can be intercepted through SMTP downgrade attacks where an attacker strips TLS from mail server connections. MTA-STS ensures encryption is mandatory.

How We Check

We verify the _mta-sts DNS TXT record exists with proper v=STSv1 format, then fetch and validate the policy file at https://mta-sts.{domain}/.well-known/mta-sts.txt.

How to Fix

Add a TXT record at _mta-sts.{domain}: 'v=STSv1; id=<unique_id>'. Host the policy file at mta-sts.{domain}/.well-known/mta-sts.txt with version, mode, mx entries, and max_age.

Related Security Checks

DNS

Email Domain Security (SPF/DKIM/DMARC)

DNS

SPF Lookup Limit

DNS

BIMI Records

Related Tool

DNS Security Checker

Run all 6 related checks with our free dns security checker

Check Your Website Now

Run a free security scan to check for MTA-STS Policy issues and 58+ other security vulnerabilities.

Scan Your Website Free

Product

  • Security Checks
  • Free Tools
  • SSL Checker
  • Vulnerability Scanner
  • Email Security
  • Pricing
  • Compliance
  • Security Reports

Popular Checks

  • CSP Check
  • HSTS Check
  • TLS Version Check
  • SSL Expiry Check
  • SPF/DKIM/DMARC Check
  • Cookie Security Check
  • JS Vulnerability Scan
  • OCSP Stapling Check

Resources

  • Blog
  • Glossary
  • Contact

Legal

  • Terms of Use
  • Privacy Policy
  • Refund Policy
  • Cookie Policy

© 2025-2026 SecScanner. All rights reserved.