How to check MTA-STS
Learn how to validate MTA-STS using both the DNS TXT record and the hosted HTTPS policy file.
What to check
An MTA-STS deployment depends on two main pieces: the DNS TXT record under _mta-sts and the policy file hosted over HTTPS.
Both pieces need to be present and internally consistent.
Policy file basics
The policy file is typically hosted at mta-sts.yourdomain/.well-known/mta-sts.txt.
It should declare the mode, MX patterns, and max_age.
Common checks
- Whether the TXT record exists
- Whether the HTTPS policy file is reachable
- Whether the MX patterns in the policy make sense
- Whether TLS-RPT is also configured