MTA-STS Tool

MTA-STS lookup

Check your MTA-STS (Mail Transfer Agent Strict Transport Security) DNS record and the .well-known/mta-sts.txt policy file in one go. Force TLS encryption for SMTP traffic to your domain.

About

About MTA-STS

MTA-STS (Mail Transfer Agent Strict Transport Security) is a security standard (RFC 8461) that forces sending servers to use TLS when sending email to your domain. This protects against downgrade and man-in-the-middle attacks.

It has two components: a TXT record at _mta-sts.<domain> and a policy file published over HTTPS at https://mta-sts.<domain>/.well-known/mta-sts.txt. The policy file specifies mode (enforce / testing / none), MX hosts and max_age.

Benefits of MTA-STS

  • Enforced TLS

    Forces sending servers to use TLS when emailing you.

  • Downgrade Protection

    Blocks STARTTLS stripping attacks.

  • MX Restrictions

    Delivery only happens to MX hosts listed in your policy.

  • Pairs with TLS-RPT

    Together with TLS-RPT, you can build a reporting pipeline.