MTA-STS (RFC8461) is a new standard that makes it possible to send downgrade-resistant email over SMTP. In that sense, it is like an alternative to DANE. It does this by piggybacking on the browser Certificate Authority model. This validator checks whether a domain adheres to the RFC. An alternative validator is Hardenize, which checks for much more than just MTA-STS
To enable Strict Transport Security on your mailserver configure the following things:
_smtp._tlson your domain, e.g.
_smtp._tls.example.com, with something like
_mta-stson your domain, e.g.
_mta-sts.example.com, with something like
mta-ststo your domain (note the lack of an underscore) and serve a policy file on
https://mta-sts.example.com/.well-known/mta-sts.txt. Here is an example policy file:
version: STSv1 mode: enforce max_age: 10368000 mx: mail.example.com mx: *.example.net mx: backupmx.example.com
Unknown error in the server. May be a rate-limit.