An MTA-STS record checker is a specialized tool that helps domain owners verify the presence, correctness, and functionality of their MTA-STS records.
_mta-sts.yourdomain.com
id
are correct
Your business can also check its domain’s vulnerability with our Know Your Score tool.
MTA-STS is an email security protocol that enforces encrypted transmission between sending and receiving email servers. It protects email traffic from MitM and downgrade attacks.
Without MTA-STS, cybercriminals can intercept messages or downgrade connections to bypass encryption, putting sensitive information at risk. MTA-STS can ensure that emails are only delivered over encrypted channels, which strengthens trust, improves deliverability, and helps companies comply with modern security standards.
Implementing and regularly validating a record is critical for multiple reasons:
Interested in checking your business’s record?
Follow these steps to validate your company’s MTA-STS configuration using Sendmarc’s MTA-STS validator.
Input the domain into the record checker.
The tool checks for the required DNS TXT record at _mta-sts.yourdomain.com and fetches the record.
The checker confirms that the TXT record exists and is correctly formatted (it must begin with v=STSv1 and include an id).
If the checker identifies issues, users should review their records to understand what’s misconfigured and update accordingly.
_mta-sts.yourdomain.com
using the following format:
Host | Type | Value |
---|---|---|
_mta-sts.yourdomain.com | TXT | v=STSv1; id=ID; |
id
field when the policy file changes.
- version: STSv1
- mode: enforce/testing/none
- mx: mail.yourdomain.com
- max_age: 604800
mode
and mx
values based on your business’s infrastructure.
id
in your company’s DNS TXT record each time the policy file is modified. This requests that sending servers fetch the updated version.
An MTA-STS record is a DNS TXT record that shows that a domain supports Mail Transfer Agent Strict Transport Security (MTA-STS). This record instructs external email servers to fetch and enforce the domain’s email security policy.
A valid MTA-STS record is a TXT record located at _mta-sts.yourdomain.com and should follow this format:
Host | Type | Value |
---|---|---|
_mta-sts.yourdomain.com | TXT | v=STSv1; id=ID; |
The record must begin with v=STSv1 and include an id value to signal updates to the policy file.
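The format rules above can be checked offline once the TXT value and the policy file body have been retrieved. The following is an added example, not Sendmarc's checker or its code; the function names and sample strings are constructed for illustration, and the id character set and max_age upper bound are taken from RFC 8461 rather than from this page.

```python
import re

ID_RE = re.compile(r"[A-Za-z0-9]{1,32}")  # RFC 8461: id is 1-32 letters/digits
MAX_AGE_LIMIT = 31557600                   # RFC 8461 upper bound, in seconds

def check_txt_record(txt):
    """Return the problems found in the value of the _mta-sts TXT record."""
    fields = [f.strip() for f in txt.split(";") if f.strip()]
    problems = []
    if not fields or fields[0] != "v=STSv1":
        problems.append("record must begin with v=STSv1")
    ids = [f[3:] for f in fields if f.startswith("id=")]
    if not ids:
        problems.append("record must include an id")
    elif not ID_RE.fullmatch(ids[0]):
        problems.append("id must be 1-32 letters or digits")
    return problems

def check_policy(text):
    """Return the problems found in the body of the policy file."""
    pairs = [line.split(":", 1) for line in text.splitlines() if ":" in line]
    pairs = [(key.strip(), value.strip()) for key, value in pairs]
    values = dict(pairs)
    problems = []
    if values.get("version") != "STSv1":
        problems.append("version must be STSv1")
    if values.get("mode") not in ("enforce", "testing", "none"):
        problems.append("mode must be enforce, testing or none")
    max_age = values.get("max_age", "")
    if not re.fullmatch(r"[0-9]+", max_age) or int(max_age) > MAX_AGE_LIMIT:
        problems.append("max_age must be an integer from 0 to 31557600")
    if values.get("mode") != "none" and not any(k == "mx" for k, _ in pairs):
        problems.append("at least one mx entry is required")
    return problems

# Constructed sample inputs (not taken from a real domain).
GOOD_TXT = "v=STSv1; id=20240101000000;"
BAD_TXT = "id=2024-01-01; v=STSv1"
GOOD_POLICY = "version: STSv1\nmode: enforce\nmx: mail.yourdomain.com\nmax_age: 604800\n"
BAD_POLICY = "version: STSv1\nmode: enforce\nmax_age: 604 800\n"

if __name__ == "__main__":
    for name, result in [("good TXT", check_txt_record(GOOD_TXT)),
                         ("bad TXT", check_txt_record(BAD_TXT)),
                         ("good policy", check_policy(GOOD_POLICY)),
                         ("bad policy", check_policy(BAD_POLICY))]:
        print(name, "->", result or "OK")
```

An empty list means the input passed these format checks; it does not confirm that the record is published in DNS or that the policy file is reachable.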
If an MTA-STS record is missing or incorrect, encryption might not be enforced on your organization’s emails. This exposes it to risks such as message interception and manipulation.
id
whenever the policy changes, and host a valid policy file.
Use Sendmarc’s MTA-STS checker to validate the configuration after making changes.
Proper implementation of MTA-STS improves email deliverability by increasing receiving email servers’ trust, reducing the chance of message rejection and Spam/Junk filtering.
Yes, MTA-STS is still necessary even if your business has Transport Layer Security Reporting (TLS-RPT) enabled. While TLS-RPT provides reporting on delivery and encryption issues, MTA-STS actively enforces encrypted delivery. These protocols are complementary and should be used together for effective email security.
Use Sendmarc’s MTA-STS record checker to ensure your organization is protected against email interception and modification.
Sign up for a free trial of Sendmarc’s advanced email authentication platform to take full control of your business’s email security. Defend your company from spoofing, phishing, and other email-based threats.
Protect your organization’s emails. Build trust. Improve deliverability.