SMTP MTA-STS Policy Check

Check the SMTP MTA-STS policy of a domain

SMTP MTA Strict Transport Security (MTA-STS) is designed to protect domain owners from active downgrade and interception attacks against SMTP’s opportunistic use of Transport Layer Security (TLS).

SMTP MTA-STS is a work in progress and this tool is provided to assist domain owners in publishing a policy. We examine the following locations:

  1. _mta-sts DNS record (e.g., _mta-sts.example.com).
  2. RFC 5785 “well-known” path of .well-known/mta-sts.json (e.g., https://mta-sts.example.com/.well-known/mta-sts.json).

The tool currently does not evaluate the IETF draft-00 or draft-01 versions of the spec, so policies published at _mta_sts.example.com or using v=STS1 are considered invalid.

The tool checks draft 2 and draft 3 policies. Draft 3 support was added March 31, 2017.
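The two lookup locations and the draft-00/01 rejection rule above, as an added offline example (not this tool's own code). The function names are hypothetical, the sample records are constructed, and the `v=STSv1` tag and `id` field are assumptions taken from the later drafts rather than from this page.

```python
# Added example: classifies constructed TXT records, no network access.
CURRENT_VERSION = "STSv1"   # assumption: tag used by drafts after draft-01
OBSOLETE_VERSION = "STS1"   # draft-00/01 tag, rejected per the page


def policy_locations(domain):
    """Return the two locations the page says are examined for a domain."""
    d = domain.rstrip(".").lower()
    return {
        "dns": f"_mta-sts.{d}",
        "https": f"https://mta-sts.{d}/.well-known/mta-sts.json",
    }


def parse_fields(txt):
    """Split a 'key=value; key=value;' TXT string into a dict (first key wins)."""
    fields = {}
    for part in txt.split(";"):
        key, sep, value = part.strip().partition("=")
        if sep and key.strip():
            fields.setdefault(key.strip(), value.strip())
    return fields


def classify_record(domain, owner, txt):
    """Return (verdict, detail) for one TXT record seen during a lookup."""
    d = domain.rstrip(".").lower()
    owner = owner.rstrip(".").lower()
    if owner == f"_mta_sts.{d}":
        return ("invalid", "draft-00/01 owner name (_mta_sts)")
    if owner != policy_locations(d)["dns"]:
        return ("invalid", "not the _mta-sts record for this domain")
    fields = parse_fields(txt)
    version = fields.get("v")
    if version == OBSOLETE_VERSION:
        return ("invalid", "draft-00/01 version tag (v=STS1)")
    if version != CURRENT_VERSION:
        return ("invalid", "missing or unknown version tag")
    if not fields.get("id"):  # assumption: the record carries a policy id
        return ("invalid", "missing policy id")
    return ("valid", fields["id"])


if __name__ == "__main__":
    # Constructed sample records for example.com.
    print(policy_locations("example.com"))
    print(classify_record("example.com", "_mta-sts.example.com.", "v=STSv1; id=20170331T000000;"))
    print(classify_record("example.com", "_mta_sts.example.com.", "v=STS1; id=1;"))
```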
