MTA-STS Record Information
What is MTA-STS?
MTA-STS (Mail Transfer Agent Strict Transport Security) is a security
standard designed to ensure that email communications are transmitted
securely over the internet. Here are the key points:
- TLS Enforcement: MTA-STS enforces the use of Transport
  Layer Security (TLS) for email delivery, ensuring that emails are sent
  over an encrypted connection.
- Certificate Validation: It validates the receiving
  server's certificate to prevent man-in-the-middle attacks, ensuring that
  the email is delivered to the correct server.
- Policy Declaration: Domains publish their MTA-STS
  policy via DNS, specifying how email should be securely delivered to
  them.
- Complement to STARTTLS: Unlike STARTTLS, which is
  vulnerable to downgrade attacks, MTA-STS provides a stricter enforcement
  mechanism.
MTA-STS DNS Record
_mta-sts.example.com. IN TXT "v=STSv1; id=20250209T225746;"
Policy File
version: STSv1
mode: enforce
mx: inbound-smtp.us-east-1.amazonaws.com
max_age: 604800