MTA-STS Record Generator

Generate MTA-STS DNS record and policy file to enforce TLS on inbound email

Configure MTA-STS Policy

Add the mail server hostnames that should be allowed. Use * as a wildcard prefix.

1. DNS TXT Record

Record Name
_mta-sts.
TXT Value

2. Policy File

Host at
https://mta-sts./.well-known/mta-sts.txt
File Content 

                    

                    
                

            


            

                
What is MTA-STS?

                
MTA-STS (RFC 8461) prevents TLS downgrade attacks on inbound email by telling sending servers they must use TLS when delivering mail to your domain.

                
    
                    
  • Prevents man-in-the-middle attacks
    • 
                    
  • Ensures encrypted email transport
    • 
                    
  • Supported by Google, Microsoft, Yahoo
    • 
                    
  • Requires HTTPS hosting for policy file
    • 
                

            


            


    
Want automated management?

    
DMARC Busta's Autopilot manages SPF, DKIM, and DMARC automatically with AI-powered decisions.

    
        Get Started Free