SMTP MTA Strict Transport Security (MTA-STS) is a mechanism enabling mail service providers (SPs) to declare their ability to receive Transport Layer Security (TLS) secure SMTP connections.
SMTP MTA Strict Transport Security (MTA-STS) can also specify whether sending SMTP servers should refuse to deliver to MX hosts that do not offer TLS with a trusted server certificate.
To set up MTA-STS for your own domain, you will need an MTA-STS policy file that can be downloaded via HTTPS from the URL https://mta-sts.domain.tld/.well-known/mta-sts.txt, where "domain.tld" is your domain name.
The policy text file should contain lines in the following format:
Mode can be "none", "testing", or "enforce". There should be an "mx" line for each of your MX hostnames. A wildcard can be used for subdomains, such as "*.domain.tld". Max age is in seconds. Common values are 86400 (1 day) and 604800 (1 week).
A DNS TXT record at _mta-sts.domain.tld, where "domain.tld" is your domain name must be created.
This DNS txt record must have a value in the format:
The value for "id" must be changed every time the policy file is changed. It is common to use a timestamp for the id.