SMTP MTA Strict Transport Security (MTA-STS) is designed to protect domain owners from active downgrade and interception attacks against SMTP’s opportunistic use of Transport Layer Security (TLS).

SMTP MTA-STS is a work in progress and this tool is provided to assist domain owners in publishing a policy. We examine the following locations:

  1. _mta-sts DNS record (e.g.,
  2. RFC5785 “well-known” path of .well-known/mta-sts.json (e.g.,

The tool currently does not evaluate IETF draft-00 or draft-01 versions of the spec so policies at or with v=STS1 are considered invalid.

Checking draft 2 & 3 policies. Draft 3 support added March 31, 2017.

Lookup a domain's
MTA-STS Policy