MTA-STS (RFC 8461) is a new standard that makes it possible to send downgrade-resistant email over SMTP. In that sense, it is like an alternative to DANE. It does this by piggybacking on the browser Certificate Authority model. This validator checks whether a domain adheres to the RFC. An alternative validator is Hardenize, which checks for much more than just MTA-STS.
To enable Strict Transport Security on your mail server, configure the following things:

1. Add a DNS TXT record at _smtp._tls on your domain, e.g. _smtp._tls.example.com, with something like "v=TLSRPTv1; rua=mailto:mta-sts@example.com".
2. Add a DNS TXT record at _mta-sts on your domain, e.g. _mta-sts.example.com, with something like "v=STSv1; id=20160831085700Z".
3. Add a subdomain mta-sts to your domain (note the lack of an underscore) and serve a policy file on https://mta-sts.example.com/.well-known/mta-sts.txt. Here is an example policy file:

    version: STSv1
    mode: enforce
    max_age: 10368000
    mx: mail.example.com
    mx: *.example.net
    mx: backupmx.example.com

Created by: Ayke (source code). If you encounter any errors, you can create a bug report or alternatively send me a personal message.