
FREE TOOL

MTA-STS checker

Validate a domain's Mail Transfer Agent Strict Transport Security (MTA-STS) configuration and confirm that sending servers are told to require TLS when delivering mail to it.

What MTA-STS checks

DNS Record

Verifies the TXT record at _mta-sts.domain: it must start with v=STSv1 and carry a policy id.

Policy File

Fetches the policy from https://mta-sts.domain/.well-known/mta-sts.txt over HTTPS and checks its version, mode, mx patterns and max_age fields.

MX Validation

Ensures every MX host published in the domain's MX records is matched by an mx pattern in the policy.

Understanding MTA-STS

MTA-STS (Mail Transfer Agent Strict Transport Security) is a security standard that enforces Transport Layer Security (TLS) for email exchanges between mail servers, preventing downgrade attacks and man-in-the-middle interception.

How it works

DNS announcement

A TXT record at _mta-sts.domain (v=STSv1; id=...) announces that the domain publishes a policy. The id must change whenever the policy changes, because sending servers cache the policy for max_age seconds and only re-fetch it when the id differs.

Policy retrieval

Sending servers fetch https://mta-sts.domain/.well-known/mta-sts.txt over HTTPS. The certificate must be valid for that host name and chain to a publicly trusted CA, and HTTP redirects are not followed.

TLS enforcement

The policy lists the MX hosts allowed to receive mail (exact names or *.suffix patterns covering one label), the mode, and a max_age cache lifetime. A sending server then requires a TLS connection to one of those hosts presenting a certificate valid for its name, instead of falling back to cleartext if STARTTLS is stripped or the MX records are tampered with.

Policy modes

Testing mode

Validation failures are reported (via TLS-RPT) but mail is still delivered. Use for initial deployment.

Enforce mode

Require a validated TLS connection to a policy-listed MX host. Sending servers refuse to deliver to a host that fails validation rather than falling back to cleartext, so mail to a misconfigured host is delayed or bounced.

None mode

Tells sending servers to treat the domain as having no policy. Publish it (with a new id) before removing MTA-STS, so that policies already cached by senders are replaced instead of lingering until their max_age expires.

Implementation steps

1. Create the host mta-sts.yourdomain.com on an HTTPS server with a certificate for exactly that name from a publicly trusted CA.

2. Host the policy file at https://mta-sts.yourdomain.com/.well-known/mta-sts.txt, served as text/plain.

3. Start with mode: testing and list every MX host, so that failures are reported without blocking mail.

4. Add the DNS TXT record at _mta-sts.yourdomain.com with the content v=STSv1; id=<unique value>.

5. Publish a TLS-RPT record at _smtp._tls.yourdomain.com (v=TLSRPTv1; rua=mailto:...) so that sending servers report TLS and policy failures to you.

6. Review the TLS-RPT reports for 2-4 weeks; fix any MX host that the policy does not cover or whose certificate does not match its name.

7. Switch to mode: enforce and change the id in the TXT record so that cached testing policies are refreshed.
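As an added worked example (not InboxKit's own checker code), the following Python performs offline the three checks listed under "What MTA-STS checks" and the validations a sending server applies when it follows the steps above: it parses the _mta-sts TXT record, parses the policy file, and verifies that every MX host is covered by an mx pattern using the one-label wildcard rule from RFC 8461. The domain example.com, the TXT record, the policy file and the MX list are constructed sample data standing in for what DNS and the HTTPS fetch would return; the script does not perform network lookups and does not validate the HTTPS certificate of mta-sts.example.com or the MX hosts' TLS certificates.

```python
"""Offline MTA-STS checker (added example; constructed inputs, no network)."""
import re

# Constructed sample inputs for the hypothetical domain example.com.
SAMPLE_TXT = "v=STSv1; id=20240301T120000Z"
SAMPLE_POLICY = """version: STSv1
mode: enforce
mx: mail1.example.com
mx: *.mx.example.com
max_age: 604800
"""
SAMPLE_MX_HOSTS = ["mail1.example.com", "backup.mx.example.com"]

MAX_AGE_LIMIT = 31557600  # RFC 8461: max_age is at most one year in seconds
VALID_MODES = ("testing", "enforce", "none")


def parse_txt_record(txt):
    """Parse the _mta-sts TXT record: v=STSv1 must come first, id is 1-32 alphanumerics."""
    pairs = []
    for part in txt.split(";"):
        part = part.strip()
        if not part:
            continue
        if "=" not in part:
            raise ValueError(f"malformed TXT field: {part!r}")
        key, value = part.split("=", 1)
        pairs.append((key.strip(), value.strip()))
    if not pairs or pairs[0] != ("v", "STSv1"):
        raise ValueError("TXT record must start with v=STSv1")
    fields = dict(pairs)
    if not re.fullmatch(r"[A-Za-z0-9]{1,32}", fields.get("id", "")):
        raise ValueError("id must be 1-32 alphanumeric characters")
    return fields


def parse_policy(text):
    """Parse /.well-known/mta-sts.txt into a dict; mx patterns are collected in a list."""
    policy = {"mx": []}
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        if ":" not in line:
            raise ValueError(f"malformed policy line: {line!r}")
        key, value = (s.strip() for s in line.split(":", 1))
        if key == "mx":
            policy["mx"].append(value.lower())
        elif key in policy:
            raise ValueError(f"duplicate policy field: {key}")
        else:
            policy[key] = value  # unknown keys are kept but ignored, for extensibility
    if policy.get("version") != "STSv1":
        raise ValueError("policy version must be STSv1")
    if policy.get("mode") not in VALID_MODES:
        raise ValueError(f"mode must be one of {VALID_MODES}, got {policy.get('mode')!r}")
    max_age = policy.get("max_age", "")
    if not max_age.isdigit() or int(max_age) > MAX_AGE_LIMIT:
        raise ValueError("max_age must be a non-negative integer of seconds, at most 31557600")
    policy["max_age"] = int(max_age)
    if policy["mode"] != "none" and not policy["mx"]:
        raise ValueError("at least one mx pattern is required unless mode is none")
    return policy


def mx_matches(pattern, host):
    """RFC 8461 section 4.1 matching: a leading '*.' covers exactly one DNS label."""
    host = host.lower().rstrip(".")
    if pattern.startswith("*."):
        suffix = pattern[1:]  # "*.mx.example.com" -> ".mx.example.com"
        label = host[: -len(suffix)] if host.endswith(suffix) else ""
        return bool(label) and "." not in label
    return host == pattern


def check_mta_sts(txt_record, policy_text, mx_hosts):
    """Run the DNS, policy and MX checks; return (ok, findings)."""
    findings = []
    txt = parse_txt_record(txt_record)
    policy = parse_policy(policy_text)
    findings.append(f"TXT record ok, policy id {txt['id']}")
    findings.append(f"policy ok, mode={policy['mode']}, max_age={policy['max_age']}s")
    if policy["mode"] == "none":
        findings.append("mode none: senders treat the domain as having no policy")
        return True, findings
    uncovered = [h for h in mx_hosts
                 if not any(mx_matches(p, h) for p in policy["mx"])]
    for host in uncovered:
        findings.append(f"MX host {host} matches no mx pattern")
    if uncovered and policy["mode"] == "enforce":
        findings.append("enforce mode: senders will refuse delivery to the uncovered hosts")
    return not uncovered, findings


if __name__ == "__main__":
    # Second run adds an MX host the policy does not list, which enforce mode would break.
    for hosts in (SAMPLE_MX_HOSTS, SAMPLE_MX_HOSTS + ["mx3.example.net"]):
        ok, findings = check_mta_sts(SAMPLE_TXT, SAMPLE_POLICY, hosts)
        print("PASS" if ok else "FAIL")
        for line in findings:
            print("  -", line)
```

The wildcard check is the part most checkers get wrong: *.mx.example.com covers backup.mx.example.com but neither mx.example.com nor a.b.mx.example.com, so an MX host two labels deep silently falls outside the policy and, once the mode is enforce, senders stop delivering to it. To turn this into a live checker, replace the three sample constants with a DNS TXT lookup of _mta-sts.<domain>, an HTTPS GET of the well-known URL with certificate verification and redirects disabled, and a DNS MX lookup of the domain.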

Frequently Asked Questions

MTA-STS (Mail Transfer Agent Strict Transport Security) is a security standard that allows domain owners to declare their ability to receive Transport Layer Security (TLS) secure SMTP connections and to specify whether sending SMTP servers should refuse to deliver to MX hosts that do not offer TLS with a trusted server certificate.

It prevents downgrade attacks and man-in-the-middle attacks on the server-to-server hop by requiring TLS with a validated certificate for email transmission, so an attacker on the path cannot strip STARTTLS or redirect mail to a rogue MX. It protects messages in transit between mail servers only; it is not end-to-end encryption and does not protect mail at rest, and it is only honoured by sending servers that implement MTA-STS.

Implementation involves publishing a DNS TXT record at _mta-sts.yourdomain.com and hosting a policy file at https://mta-sts.yourdomain.com/.well-known/mta-sts.txt. The policy file specifies the enforcement mode, the allowed MX hosts and a max_age cache lifetime; the id in the TXT record must change whenever the policy file changes.

There are three modes: 'none' (MTA-STS is disabled), 'testing' (reports are generated but delivery is not blocked on failure), and 'enforce' (TLS is required, and delivery fails if validation fails).

Secure your email with MTA-STS

InboxKit automates MTA-STS deployment and monitoring, ensuring encrypted email delivery