MTA-STS is a new standard (still in development) that makes it possible to send downgrade-resistant email over SMTP. In that sense, it is like an alternative to DANE. It does this by piggybacking on the browser Certificate Authority model.
Note: this validator is based on the current draft specification as of june 28, 2018. Some parts might change before the final publication. To see which changes haven't been included in this validator yet, see this diff. The currently implemented specification is MTA-STS draft 21 and SMTP-TLSRPT draft 23.
To enable Strict Transport Security on your mailserver configure the following things:
_smtp._tlson your domain, e.g.
_smtp._tls.example.com, with something like
_mta-stson your domain, e.g.
_mta-sts.example.com, with something like
mta-ststo your domain (note the lack of an underscore) and serve a policy file on
https://mta-sts.example.com/.well-known/mta-sts.txt. Here is an example policy file:
version: STSv1 mode: enforce max_age: 10368000 mx: mail.example.com mx: *.example.net mx: backupmx.example.com
Unknown error in the server. May be a rate-limit.