MTA-STS record generator
Generate DNS and policy values for MTA-STS so receiving mail servers can enforce SMTP TLS.
Guide
What this tool is for and how to use it
This MTA-STS record generator creates both pieces you need for deployment:
- DNS TXT record at
- policy file content
Suggested rollout approach
- Start with
to validate behavior without enforcement.
- Move to
when you are confident all receiving paths support TLS.
The value controls how long receivers cache your policy. Use shorter values during rollout, then increase once stable.
Deployment checklist
- Publish generated DNS TXT record
- Host generated policy file on HTTPS
- Run the MTA-STS checker to verify rollout
- Pair with TLS reporting for visibility
Before you enforce
Confirm that every MX host listed in the policy is current, that HTTPS hosting is stable, and that certificate renewals for the policy endpoint are monitored. MTA-STS is most useful when DNS, HTTPS, and mail routing are managed together instead of updated independently.