MTA-STS & TLS-RPT Checker

Check if your domain enforces email transport encryption with MTA-STS and receives TLS failure reports via TLS-RPT.

What is MTA-STS?

MTA-STS (Mail Transfer Agent Strict Transport Security) tells sending servers that your domain requires TLS encryption for email delivery. Without it, emails can be downgraded to unencrypted connections via man-in-the-middle attacks.

What is TLS-RPT?

TLS-RPT (TLS Reporting) sends you reports when other servers fail to establish TLS connections to your mail server. It's the TLS equivalent of DMARC aggregate reports.

How to Set Up

1. Add a _mta-sts DNS TXT record: v=STSv1; id=20260331
2. Host a policy file at https://mta-sts.yourdomain.com/.well-known/mta-sts.txt
3. Add a _smtp._tls DNS TXT record for TLS-RPT: v=TLSRPTv1; rua=mailto:tls-reports@yourdomain.com