MTA-STS is a new standard (still in development) that makes it possible to send downgrade-resistant email over SMTP. In that sense, it is like an alternative to DANE. It does this by piggybacking on the browser Certificate Authority model.
Note: this validator is based on the current draft specification as of june 28, 2018. Some parts might change before the final publication. To see which changes haven't been included in this validator yet, see this diff. The currently implemented specification is MTA-STS draft 21 and SMTP-TLSRPT draft 23.
To enable Strict Transport Security on your mailserver configure the following things:
_smtp._tls on your domain, e.g. _smtp._tls.example.com, with something like v=TLSRPTv1; rua=mailto:mta-sts@example.com._mta-sts on your domain, e.g. _mta-sts.example.com, with something like v=STSv1; id=20160831085700Z.mta-sts to your domain (note the lack of an underscore) and serve a policy file on https://mta-sts.example.com/.well-known/mta-sts.txt. Here is an example policy file:
version: STSv1 mode: enforce max_age: 10368000 mx: mail.example.com mx: *.example.net mx: backupmx.example.com
Created by: Ayke (source code). If you encounter any errors, you can create a bug report or alternatively send me a personal message.
Loading...
Rate limited!
Unknown error in the server. May be a rate-limit.