---
title: "Free MTA-STS Checker | AutoSPF"
description: "Check MTA-STS configuration for any domain. Validate the DNS record, policy file, TLS enforcement mode, and authorized MX hosts with our free MTA-STS checker tool."
image: "https://autospf.com/images/og-default.png"
canonical: "https://autospf.com/tools/mta-sts-checker/"
---

## Check Your MTA-STS Configuration

Enter your domain to check both the DNS record and the policy file hosted at your domain.

Check MTA-STS

## What is MTA-STS?

MTA-STS (Mail Transfer Agent Strict Transport Security) is an email security standard defined in [RFC 8461](https://www.rfc-editor.org/rfc/rfc8461) that enables domains to declare that they support TLS encryption for inbound email and that sending servers should refuse to deliver messages over unencrypted connections.

Without MTA-STS, email between servers can be intercepted through man-in-the-middle attacks that strip TLS encryption - even if both servers support it. This is called a TLS downgrade attack. MTA-STS prevents this by telling sending servers to require TLS and to validate the certificate.

MTA-STS has two components: a DNS TXT record at `_mta-sts.yourdomain.com` and a policy file hosted at `https://mta-sts.yourdomain.com/.well-known/mta-sts.txt`.

Policy Configuration 

## MTA-STS Policy Modes

### enforce

Mail that cannot be delivered over a valid TLS connection is rejected. This is the strongest mode and provides maximum protection against downgrade attacks.

### testing

TLS failures are reported via TLS-RPT but mail is still delivered. Ideal for initial deployment to identify issues before enforcing.

### none

MTA-STS is effectively disabled. No TLS requirement is communicated to sending servers. Used to deactivate a previously published policy.

Step by Step 

## How MTA-STS Works

### DNS Discovery

The sending server queries \_mta-sts.yourdomain.com for a TXT record containing v=STSv1; id=20240101.

### Policy Fetch

If the TXT record exists, the sender fetches the policy file from https://mta-sts.yourdomain.com/.well-known/mta-sts.txt over HTTPS.

### TLS Enforcement

Based on the policy mode, the sender either enforces TLS (reject failures), reports failures (testing mode), or does nothing (none mode).

### MX Validation

The policy file specifies which MX hosts are valid. The sender verifies that the MX server certificate matches one of the authorized hosts before delivering.

## RFC 8461 Reference

MTA-STS is defined in [RFC 8461](https://www.rfc-editor.org/rfc/rfc8461) (September 2018). It complements [RFC 8460](https://www.rfc-editor.org/rfc/rfc8460) (SMTP TLS Reporting) which provides visibility into TLS connection failures.

Example MTA-STS policy file:

version: STSv1
mode: enforce
mx: mail.example.com
mx: *.example.com
max_age: 604800

## Complete your email security stack

MTA-STS protects inbound TLS. AutoSPF protects your outbound SPF - automatically flattening records to stay within the 10-lookup limit.

[Start Free Trial→](https://app.autospf.com/login)[View Plans & Pricing](/pricing/)

Rated 5/5 on G2 · Trusted since 2018 

##  What Our Customers Say 

### "AutoSPF Flattens SPF Records Seamlessly & Keeps Changes Logged - I am quite pleased with the product"

> It does what it promises to do, and does it very well. I appreciate that it keeps a log of changes made, which prevents many mistakes. A client's SPF record would have way too many lookups, but AutoSPF makes that problem go away. The length of the SPF record is typically not the issue; it's the amount of lookups in the record that are. AutoSPF "flattens" the record, automatically expanding the defined lookups to IP addresses or ranges. And it auto-updates the record when the un-flattened lookups change. 

 PJ 

Peter J.

 President · Small-Business (50 or fewer emp.) 

### "Helped us go beyond capacity"

> AutoSPF did exactly as described, it helped us get past our 10 lookup limit. Afterwards, we hit another limit regarding overall capacity and when contacted, they quickly provided us with a new solution to eliminate capacity issues entirely going forward, so now we can add as many SPF records as needed. They also provided us with a personalized support video explaining their new method in its entirety using our instance as the example. 

 VU 

Verified User

 Financial Services · Mid-Market (51-1000 emp.) 

[Read our reviews on G2 ](https://www.g2.com/products/autospf/reviews)

```json
{"@context":"https://schema.org","@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897474","name":"AutoSPF","url":"https://autospf.com","logo":{"@type":"ImageObject","url":"https://autospf.com/images/autospf-logo.png"},"description":"Automatic SPF flattening and email authentication management. Resolve SPF lookup limits, flatten SPF records, and maintain email deliverability across all your domains.","parentOrganization":{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138883901","name":"DuoCircle LLC","url":"https://www.duocircle.com","sameAs":["https://www.wikidata.org/wiki/Q138883901","https://www.crunchbase.com/organization/duocircle-llc","https://www.linkedin.com/company/duocircle","https://github.com/duocircle"],"subOrganization":[{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138898167","name":"DMARC Report","url":"https://dmarcreport.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897474","name":"AutoSPF","url":"https://autospf.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897912","name":"Phish Protection","url":"https://www.phishprotection.com"}]},"sameAs":["https://www.wikidata.org/wiki/Q138897474","https://www.linkedin.com/company/autospf","https://x.com/autospf01","https://www.facebook.com/autospf","https://github.com/duocircle","https://www.g2.com/products/autospf/reviews"],"aggregateRating":{"@type":"AggregateRating","ratingValue":"4.6","reviewCount":"28","bestRating":"5","worstRating":"1","url":"https://www.g2.com/products/autospf/reviews"},"contactPoint":{"@type":"ContactPoint","contactType":"customer support","url":"https://autospf.com/contact-us/"},"knowsAbout":["SPF Record Flattening","Sender Policy Framework","Email Authentication","DNS Management","DMARC","DKIM","Email Deliverability","SPF Lookup Limits"]}
```

```json
{"@context":"https://schema.org","@type":"WebSite","name":"AutoSPF","url":"https://autospf.com","description":"Automatic SPF flattening and email authentication management. Resolve SPF lookup limits, flatten SPF records, and maintain email deliverability across all your domains.","publisher":{"@type":"Organization","name":"AutoSPF","url":"https://autospf.com","logo":{"@type":"ImageObject","url":"https://autospf.com/images/autospf-logo.png"},"description":"Automatic SPF flattening and email authentication management. Resolve SPF lookup limits, flatten SPF records, and maintain email deliverability across all your domains.","parentOrganization":{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138883901","name":"DuoCircle LLC","url":"https://www.duocircle.com","sameAs":["https://www.wikidata.org/wiki/Q138883901","https://www.crunchbase.com/organization/duocircle-llc","https://www.linkedin.com/company/duocircle","https://github.com/duocircle"],"subOrganization":[{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138898167","name":"DMARC Report","url":"https://dmarcreport.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897474","name":"AutoSPF","url":"https://autospf.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897912","name":"Phish Protection","url":"https://www.phishprotection.com"}]}}}
```

```json
{"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https://autospf.com/"},{"@type":"ListItem","position":2,"name":"Tools","item":"https://autospf.com/tools/"},{"@type":"ListItem","position":3,"name":"MTA-STS Checker","item":"https://autospf.com/tools/mta-sts-checker/"}]}
```

```json
{"@context":"https://schema.org","@type":"Product","name":"AutoSPF","url":"https://autospf.com","aggregateRating":{"@type":"AggregateRating","ratingValue":5,"reviewCount":21,"bestRating":5,"worstRating":1},"review":[{"@type":"Review","reviewRating":{"@type":"Rating","ratingValue":5,"bestRating":5},"author":{"@type":"Person","name":"Peter J.","jobTitle":"President"},"datePublished":"2026-03-10","reviewBody":"It does what it promises to do, and does it very well. I appreciate that it keeps a log of changes made, which prevents many mistakes. A client's SPF record would have way too many lookups, but AutoSPF makes that problem go away. The length of the SPF record is typically not the issue; it's the amount of lookups in the record that are. AutoSPF \"flattens\" the record, automatically expanding the defined lookups to IP addresses or ranges. And it auto-updates the record when the un-flattened lookups change.","name":"AutoSPF Flattens SPF Records Seamlessly & Keeps Changes Logged - I am quite pleased with the product","publisher":{"@type":"Organization","name":"G2","url":"https://www.g2.com"}},{"@type":"Review","reviewRating":{"@type":"Rating","ratingValue":5,"bestRating":5},"author":{"@type":"Person","name":"Verified User","jobTitle":"Financial Services"},"datePublished":"2025-07-31","reviewBody":"AutoSPF did exactly as described, it helped us get past our 10 lookup limit. Afterwards, we hit another limit regarding overall capacity and when contacted, they quickly provided us with a new solution to eliminate capacity issues entirely going forward, so now we can add as many SPF records as needed. They also provided us with a personalized support video explaining their new method in its entirety using our instance as the example.","name":"Helped us go beyond capacity","publisher":{"@type":"Organization","name":"G2","url":"https://www.g2.com"}}]}
```