Validates MTA-STS for secure email transmission
This checker validates MTA-STS (Mail Transfer Agent Strict Transport Security) configuration for secure email transmission. It checks:
- MTA-STS Record Presence: Verifies that a TXT record exists at _mta-sts.domain
- Valid MTA-STS Version: Confirms the record starts with v=STSv1
- HTTP Policy File: Attempts to fetch the policy file from https://mta-sts.domain/.well-known/mta-sts.txt
- Policy Mode: Validates the policy mode (enforce, testing, none) from the policy file
The checker performs DNS TXT record lookups and HTTP requests to validate the complete MTA-STS configuration. Note that MTA-STS is optional, so missing records result in warnings, not failures.
| Status | Condition | Test Logic | Description |
|---|---|---|---|
| SUCCESS | MTA-STS properly enforced | - MTA-STS record exists with valid syntax<br>- Policy mode set to enforce<br>- HTTP policy file accessible and valid | Domain has enforced MTA-STS policy for secure email transmission |
| WARNING | MTA-STS missing or has issues | - No MTA-STS record found (optional)<br>- MTA-STS record exists but malformed<br>- Policy mode is testing or none<br>- Policy file fetch failed<br>- HTTP error when fetching policy | MTA-STS is optional; missing or misconfigured records result in warnings |
| FAIL | Never occurs | - This checker never returns FAIL status | MTA-STS is optional and never causes failures |
| ERROR | Technical failure | - DNS lookup failed<br>- HTTP request failed<br>- Network connectivity issues<br>- Invalid domain format | Technical error occurred during MTA-STS validation |
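The status mapping in the table above, sketched as an added Python example (not the checker's own code). It takes the TXT records and policy body as inputs instead of doing the lookups itself; the function names, the RFC 8461 field rules, and the choice to report a failed fetch or an invalid policy file as WARNING are assumptions.

```python
MODES = {"enforce", "testing", "none"}

def parse_txt(record):
    """Return the policy id from a TXT record, or None if the syntax is invalid."""
    fields = [f.strip() for f in record.split(";") if f.strip()]
    if not fields or fields[0] != "v=STSv1":   # version must be the first field
        return None
    kv = dict(f.split("=", 1) for f in fields[1:] if "=" in f)
    ident = kv.get("id", "")
    # RFC 8461: id is 1 to 32 ASCII letters or digits
    return ident if ident.isascii() and ident.isalnum() and len(ident) <= 32 else None

def parse_policy(body):
    """Parse 'key: value' lines of mta-sts.txt; 'mx' may repeat, so it is a list."""
    policy = {"mx": []}
    for line in body.splitlines():
        key, sep, value = line.partition(":")
        if sep and key.strip() == "mx":
            policy["mx"].append(value.strip())
        elif sep:                               # lines without ':' are skipped
            policy.setdefault(key.strip(), value.strip())
    return policy

def evaluate(txt_records, policy_body):
    """txt_records: TXT strings at _mta-sts.<domain>, or None if DNS failed.
    policy_body: fetched policy text, or None if the HTTPS fetch failed."""
    if txt_records is None:
        return "ERROR", "DNS lookup failed"
    sts = [r for r in txt_records if r.startswith("v=STSv1")]
    if not sts:
        return "WARNING", "no MTA-STS record found"
    if len(sts) > 1 or parse_txt(sts[0]) is None:
        return "WARNING", "MTA-STS record malformed"
    # Assumption: a failed fetch and an invalid policy file both map to WARNING
    if policy_body is None:
        return "WARNING", "policy file fetch failed"
    p = parse_policy(policy_body)
    valid = (p.get("version") == "STSv1" and p.get("mode") in MODES
             and p.get("max_age", "").isdigit()
             and (p["mode"] == "none" or p["mx"]))
    if not valid:
        return "WARNING", "policy file invalid"
    if p["mode"] != "enforce":
        return "WARNING", f"policy mode is {p['mode']}"
    return "SUCCESS", "MTA-STS enforced"

# Constructed sample input (not taken from a real domain)
SAMPLE_TXT = ["v=STSv1; id=20240101T000000"]
SAMPLE_POLICY = "version: STSv1\nmode: enforce\nmx: mail.example.com\nmax_age: 604800\n"
```
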
If MTA-STS is missing or misconfigured, the following risks apply:
- Man-in-the-Middle Attacks: Email transmission may be vulnerable to interception
- Downgrade Attacks: Attackers may force email connections to use weaker encryption
- Email Interception: Sensitive emails may be compromised during transmission
- Compliance Violations: Some industries require MTA-STS for secure email transmission
- Trust Issues: Email providers may flag your domain as less secure
- Data Breach Risk: Unencrypted email transmission may lead to data exposure
- Regulatory Issues: Failure to implement secure email transmission may violate regulations
- Business Communication Risk: Sensitive business communications may be compromised