Glossary

MTA-STS

Standard that forces TLS encryption on inbound SMTP traffic to your domain.

MTA-STS (Mail Transfer Agent Strict Transport Security, RFC 8461) is a standard that tells other MTAs: "when sending mail to me, you must use TLS; if you cannot, refuse to deliver".

It has two parts:

1. DNS record _mta-sts.yourdomain.com TXT v=STSv1; id=YYYY...
2. HTTPS page https://mta-sts.yourdomain.com/.well-known/mta-sts.txt with the policy:

```
version: STSv1
mode: enforce
mx: *.your-mx-server.com
max_age: 86400
```

Sendersy publishes an MTA-STS policy automatically for every added domain. This closes the downgrade-attack vector where an attacker forces MTAs to fall back to plaintext SMTP.
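How a sending MTA could evaluate the two parts described above, as an added example (not Sendersy's code or any MTA's implementation). The function names, the sample id value and the `tls_verified` flag (STARTTLS succeeded with a certificate valid for the MX host) are assumptions made for illustration.

```python
import re

# Constructed sample inputs modelled on the record and policy above; the id value is made up.
SAMPLE_TXT = "v=STSv1; id=20240101T000000"
SAMPLE_POLICY = "version: STSv1\nmode: enforce\nmx: *.your-mx-server.com\nmax_age: 86400\n"

def parse_txt_record(txt):
    """Return the policy id from the _mta-sts TXT value, or None if it is invalid."""
    parts = [p.strip() for p in txt.split(";") if p.strip()]
    fields = dict(p.split("=", 1) for p in parts if "=" in p)
    policy_id = fields.get("id", "").strip()
    if fields.get("v") != "STSv1" or not re.fullmatch(r"[A-Za-z0-9]{1,32}", policy_id):
        return None
    return policy_id

def parse_policy(text):
    """Parse mta-sts.txt into a dict; raise ValueError if it is malformed."""
    policy = {"mx": []}
    for line in filter(str.strip, text.splitlines()):
        key, sep, value = (s.strip() for s in line.partition(":"))
        if not sep:
            raise ValueError(f"not a 'key: value' line: {line!r}")
        if key == "mx":
            policy["mx"].append(value.lower())   # mx may appear several times
        else:
            policy.setdefault(key, value)        # for other keys the first occurrence wins
    if policy.get("version") != "STSv1" or policy.get("mode") not in ("enforce", "testing", "none"):
        raise ValueError("bad version or mode")
    if not str(policy.get("max_age", "")).isdigit() or (policy["mode"] != "none" and not policy["mx"]):
        raise ValueError("missing max_age or mx")
    policy["max_age"] = int(policy["max_age"])
    return policy

def mx_allowed(mx_host, policy):
    """True if the MX host matches an mx pattern; '*.' covers exactly one left-most label."""
    host = mx_host.rstrip(".").lower()
    label, _, parent = host.partition(".")
    return any(host == p or (p.startswith("*.") and label and parent == p[2:])
               for p in policy["mx"])

def must_refuse(mx_host, tls_verified, policy):
    """Sender-side decision: in enforce mode, refuse unless the MX matches and TLS verified."""
    return policy["mode"] == "enforce" and not (tls_verified and mx_allowed(mx_host, policy))
```

With the sample policy, a session where STARTTLS was stripped or the MX name falls outside `*.your-mx-server.com` yields `must_refuse(...) == True`, which is the downgrade case the policy exists to block.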