Hosted MTA-STS

Mail Transfer Agent Strict Transport Security (MTA-STS) enforces TLS between mail servers. This prevents attackers from intercepting or modifying emails in transit.
Setting up MTA-STS requires a DNS record located at _mta-sts.domain.com and a policy file hosted at https://mta-sts.domain.com/.well-known/mta-sts.txt.
DMARC Defender's Hosted MTA-STS will manage all the necessary infrastructure for you. We request the SSL certificate and host the certificate and policy on the mta-sts subdomain.

Setup

  1. Add two CNAME records on your domain.
  2. Create or update your MTA-STS policy in the app.

Benefits

  • You do not need to run or maintain a separate MTA-STS web server.
  • DMARC Defender handles SSL certificate provisioning for mta-sts.yourdomain.com.
  • The hosted service serves the policy file from the correct HTTPS path without requiring your own CloudFront, Nginx, or static hosting setup.
  • Policy updates happen in the app instead of by redeploying files or manually rotating the MTA-STS record id.
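
To check the two pieces described above (the DNS record and the policy file) once they are published, the sketch below parses both and reports inconsistencies. It is an added example, not DMARC Defender code: it assumes the RFC 8461 syntax for the record and policy, the function names are hypothetical, and the sample values are constructed for a placeholder domain.

```python
import re

MAX_AGE_LIMIT = 31557600  # RFC 8461 upper bound for max_age, in seconds
SAMPLE_TXT = "v=STSv1; id=20240101T000000;"  # constructed sample TXT value
SAMPLE_POLICY = ("version: STSv1\nmode: enforce\nmx: mail.example.com\n"
                 "mx: *.example.net\nmax_age: 604800\n")  # constructed sample

def parse_txt_record(txt):
    """Parse the _mta-sts TXT value; 'v=STSv1' must be the first field."""
    fields = [f.strip() for f in txt.split(";") if f.strip()]
    pairs = [tuple(p.strip() for p in f.split("=", 1)) for f in fields if "=" in f]
    if not pairs or pairs[0] != ("v", "STSv1"):
        raise ValueError("TXT record must start with v=STSv1")
    return dict(pairs)

def parse_policy(text):
    """Parse the mta-sts.txt body; 'mx' may repeat, so collect it as a list."""
    policy = {"mx": []}
    for line in text.splitlines():
        key, sep, value = (s.strip() for s in line.partition(":"))
        if sep and key == "mx":
            policy["mx"].append(value.lower())
        elif sep:
            policy[key] = value
    return policy

def mx_allowed(host, patterns):
    """A '*.' pattern matches exactly one leftmost label, nothing deeper."""
    host = host.lower().rstrip(".")
    parent = host.partition(".")[2]
    return any((p[:2] == "*." and parent and parent == p[2:]) or host == p for p in patterns)

def check_deployment(txt, policy_text, mx_hosts):
    """Return a list of problems; an empty list means the pair is consistent."""
    record, policy = parse_txt_record(txt), parse_policy(policy_text)
    problems = []
    if not re.fullmatch(r"[A-Za-z0-9]{1,32}", record.get("id", "")):
        problems.append("id must be 1-32 alphanumeric characters")
    if policy.get("version") != "STSv1":
        problems.append("policy version must be STSv1")
    if policy.get("mode") not in ("enforce", "testing", "none"):
        problems.append("mode must be enforce, testing or none")
    age = policy.get("max_age", "")
    if not (age.isdigit() and int(age) <= MAX_AGE_LIMIT):
        problems.append("max_age missing or above 31557600")
    if policy.get("mode") != "none":
        problems += [f"MX {h} not covered by policy" for h in mx_hosts
                     if not mx_allowed(h, policy["mx"])]
    return problems
```

Pass the domain's real MX hostnames as `mx_hosts`; in `enforce` mode, an MX host the policy does not list is one that compliant senders will refuse to deliver to.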