Cheat Sheet
_mta-sts.contoso.com TXT "v=STSv1; id=27042401"
mta-sts.contoso.com A [ip of server hosting policy file]
https://mta-sts.contoso.com/.well-known/mta-sts.txt
version: STSv1
mode: testing
mx: mx1.example.gov.uk
mx: mx2.example.gov.uk
max_age: 86401
(optional)
_smtp._tls.contoso.com TXT "v=TLSRPTv1;rua=mailto:reporting@contoso.com"
Configuring MTA-STS requires the following components.
1. Policy file location
The policy file must be stored on an HTTPS-enabled website on the mta-sts sub-domain. The URI is a mandatory requirement and neither the sub-domain, folder nor file name may be altered. Take care with case-sensitivity.
A valid SSL certificate encompassing the mta-sts sub-domain must be available on the server hosting the policy file. Keep this in mind when referring to the site with the default domain (*) or CName record.
2. Policy File contents
The policy file uses a straightforward syntax.
The field of note is the mode field, which can be set to none | testing | enforce.
The max_age field should be set to a long value. The minimum max_age value is 1 week (604800 seconds).
Mail exchangers authorised to accept mail addressed to the domain are listed in the policy file using one or more mx fields.
Example:
version: STSv1
mode: testing
mx: mail.contoso.com
mx: mx.backup.contoso.com
max_age: 604800
Syntax:
mode: none | testing | enforce
3. DNS records
Two DNS records are mandatory. The reporting record is optional.
mta-sts.<domain> A | CName - specifies the location of the policy file URI.
_mta-sts.<domain> TXT - returns a policy serial number id value. The record should be updated when the policy is changed.
_smtp._tls.<domain> TXT - returns the reporting policy and reporting recipient.
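A pre-publication check for the policy file and the _mta-sts TXT value described above. This is an added example, not part of the original cheat sheet: the function names and EXAMPLE_POLICY are hypothetical, the TXT value is assumed to be passed without its surrounding quotes, and the upper max_age bound and the id character set come from RFC 8461 rather than from this page.

```python
import re

MODES = {"none", "testing", "enforce"}
MIN_MAX_AGE = 604800      # one week, the minimum this page gives
RFC_MAX_AGE = 31557600    # upper bound from RFC 8461 (not stated on this page)

# Constructed sample input, modelled on the policy example above.
EXAMPLE_POLICY = "version: STSv1\nmode: testing\nmx: mail.contoso.com\nmax_age: 604800\n"

def parse_policy(text):
    """Parse an mta-sts.txt body into a dict; mx values are collected in a list."""
    policy = {"mx": []}
    for line in text.splitlines():          # accepts LF and CRLF line endings
        if not line.strip():
            continue
        key, sep, value = line.partition(":")
        if not sep:
            raise ValueError(f"not a 'key: value' line: {line!r}")
        key, value = key.strip(), value.strip()
        if key == "mx":
            policy["mx"].append(value)
        else:
            policy.setdefault(key, value)   # first occurrence of a field wins
    return policy

def check_policy(text):
    """Return (errors, warnings) for a policy file body."""
    p, errors, warnings = parse_policy(text), [], []
    if p.get("version") != "STSv1":
        errors.append("version must be STSv1")
    if p.get("mode") not in MODES:
        errors.append("mode must be none, testing or enforce")
    # RFC 8461 allows the mx fields to be omitted only when mode is none.
    if not p["mx"] and p.get("mode") != "none":
        errors.append("at least one mx field is required")
    age = p.get("max_age", "")
    if not (age.isascii() and age.isdigit()) or int(age) > RFC_MAX_AGE:
        errors.append("max_age must be an integer no larger than 31557600")
    elif int(age) < MIN_MAX_AGE:
        warnings.append("max_age is below one week (604800 seconds)")
    return errors, warnings

def txt_policy_id(record):
    """Return the id from a _mta-sts TXT value, or None if the value is malformed."""
    fields = dict(f.strip().split("=", 1) for f in record.split(";") if "=" in f)
    if fields.get("v") != "STSv1":
        return None
    pid = fields.get("id", "")
    return pid if re.fullmatch(r"[A-Za-z0-9]{1,32}", pid) else None
```

Run check_policy on the file body before uploading it, and compare txt_policy_id of the live TXT value with the previous one to confirm the id was changed along with the policy.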