Advanced MTA-STS & TLS-RPT Generator
Generate the necessary DNS records and policy file content to enhance your email security with MTA-STS and TLS-RPT.
Domain Configuration
Crucial Next Steps
Add DNS Records
Log in to your domain's DNS management panel (e.g., your domain registrar or hosting provider). Create or update the DNS records exactly as generated above. Ensure the "Host/Name", "Value/Target/Text", and "TTL" fields match precisely. DNS changes can take a few minutes to several hours to propagate globally.
Create Dedicated Subdomain & Host Policy File
For the MTA-STS policy file (e.g., mta-sts.www.itinfotech.in), you need to create a specific subdomain. In your DNS panel, create an A record for this subdomain, pointing to the IP address of your web server where you will host the mta-sts.txt file.
- Create the directory structure: /.well-known/ on your web server.
- Inside, create a plain text file named mta-sts.txt.
- Copy the "MTA-STS Policy File Content" and paste it exactly into this file.
- Crucial: Your web server must serve this over HTTPS with a valid SSL/TLS certificate.
Verify Your Setup
After DNS propagation (up to 24 hours), use online MTA-STS validators to check your configuration:
Monitor TLS Reports
Keep a close eye on the aggregate TLS reports sent to your specified reporting email address. These reports will tell you if mail servers are successfully applying your MTA-STS policy and if there are any issues with TLS connections. This is vital during the `testing` phase.
Switch to 'Enforce' Mode (After Testing)
Once you are confident (after several weeks of monitoring reports) that your MTA-STS policy is not causing any legitimate email delivery issues, you can update your mode in your mta-sts.txt file to enforce. Remember to also update the id in your _mta-sts TXT record (you can re-run this tool to get a new ID) to signal that the policy has changed.
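A local pre-flight check for the verification and enforce-mode steps above, as an added example that is not part of this generator: it parses a _mta-sts TXT record and an mta-sts.txt body and reports problems, including an id that was not changed after a policy edit. The sample record, policy, example.com hostnames and function names are constructed for illustration; the field rules follow RFC 8461.

```python
import re

# Constructed sample inputs; hostnames and the id value are placeholders.
SAMPLE_TXT = "v=STSv1; id=20240101000000Z;"
SAMPLE_POLICY = ("version: STSv1\r\nmode: testing\r\n"
                 "mx: mail.example.com\r\nmx: *.example.net\r\nmax_age: 86400\r\n")

def parse_txt(record):
    """Parse the _mta-sts TXT value into a dict such as {'v': ..., 'id': ...}."""
    fields = {}
    for part in record.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            fields[key.strip()] = value.strip()
    return fields

def parse_policy(text):
    """Parse mta-sts.txt lines; 'mx' may repeat, other keys keep their first value."""
    policy = {"mx": []}
    for line in text.splitlines():
        if ":" not in line:
            continue
        key, value = (s.strip() for s in line.split(":", 1))
        if key == "mx":
            policy["mx"].append(value)
        else:
            policy.setdefault(key, value)
    return policy

def check(txt_record, policy_text, previous_id=None):
    """Return a list of problems; an empty list means these checks passed."""
    problems = []
    txt, pol = parse_txt(txt_record), parse_policy(policy_text)
    if txt.get("v") != "STSv1":
        problems.append("TXT: v must be STSv1")
    if not re.fullmatch(r"[A-Za-z0-9]{1,32}", txt.get("id", "")):
        problems.append("TXT: id must be 1-32 letters or digits")
    if previous_id is not None and txt.get("id") == previous_id:
        problems.append("TXT: id unchanged, senders may not refetch the policy")
    if pol.get("version") != "STSv1":
        problems.append("policy: version must be STSv1")
    if pol.get("mode") not in ("enforce", "testing", "none"):
        problems.append("policy: mode must be enforce, testing or none")
    if pol.get("mode") in ("enforce", "testing") and not pol["mx"]:
        problems.append("policy: at least one mx line is required")
    max_age = pol.get("max_age", "")
    if not re.fullmatch(r"[0-9]{1,10}", max_age) or int(max_age) > 31557600:
        problems.append("policy: max_age must be an integer up to 31557600")
    return problems
```

When switching to enforce, pass the id from the record you are replacing as previous_id so an unchanged id is flagged before you publish.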