SMTP MTA Strict Transport Security (MTA-STS) is designed to protect domain owners from active downgrade and interception attacks against SMTP’s opportunistic use of Transport Layer Security (TLS).
SMTP MTA-STS is a work in progress and this tool is provided to assist domain owners in publishing a policy. We examine the following locations:
- _mta-sts DNS record (e.g., _mta-sts.example.com).
- RFC5785 “well-known” path of .well-known/mta-sts.json (e.g., https://mta-sts.example.com/.well-known/mta-sts.json).
The tool currently does not evaluate IETF draft-00 or draft-01 versions of the spec so policies at _mta_sts.example.com or with v=STS1 are considered invalid.
Checking draft 2 & 3 policies. Draft 3 support added March 31, 2017.