MTA-STS Record and Policy Generator

Mail Transfer Agent Strict Transport Security (MTA-STS) is an email security protocol that ensures encryption for all emails sent to your domain. MTA-STS setup includes publishing a policy file on your website, which informs senders about:

• the domain name of your email server,
• the required Transport Layer Security (TLS) version
• whether or not you allow downgrades.

The sending server checks if the email is being sent over a secure connection. If it’s not secure, the sending server won’t deliver the email.

MTA-STS boosts email security by

• preventing man-in-the-middle attacks
• protecting email confidentiality,
• improving email deliverability.

1. Create an MTA-STS policy file. This is a text document containing:

• your email server’s domain name
• the required TLS version
• whether or not you allow downgrades
• the maximum age of the policy file

You can create the policy file manually, but using a tool eliminates possible errors.

2. Publish the policy file on your website. The website must be protected using HTTPS. Upload the file to your domain's web server or content delivery network (CDN).

3. Configure your email servers to enforce MTA-STS. Configuring your email servers to enforce MTA-STS largely depends on what software you use, as each has specific rules. Once done, start testing the configuration to ensure it works properly.

No expert knowledge is required to set up and manage MTA-STS and TLS reporting with EasyDMARC. Due to our user-friendly and intuitive platform, you can configure and manage email security protocols even if you don’t have an IT department.

TLS uses Encryption, Authentication, and Integrity to protect sensitive information in transit. It guards against threats like eavesdropping, man-in-the-middle attacks, replay attacks, and spoofing. TLS secures web browsing, email, messaging, and voice-over-IP (VoIP) communications.