Increase email security with MTA-STS and TLS reporting

3. Publish your MTA-STS policy

Increase email security with authentication and encryption

After creating your policy, upload the file to a public web server where remote servers can access it.

Host server requirements

The web server that hosts your policy must meet these requirements:

  • Supports SSL/HTTPS.
  • Server certificate is signed and trusted by a third-party root certificate authority.

Policy changes

Every time you change the contents of the policy file, you must:

You must also take these steps when changing a policy from testing mode to enforced mode.

Add policy to a web server in your domain

  1. Verify that your domain is set up with a public web server.
  2. Add a subdomain to your domain. The subdomain name must start with mta-sts, for example:
  3. Create a directory named .well-known in the subdomain.
  4. Upload the policy file you created to the .well-known directory.

    An example URL for an MTA-STA policy is:

Next Steps

Turn on MTA-STS and TLS reporting

Was this helpful?
How can we improve it?

Need more help?

Sign in for additional support options to quickly solve your issue

Clear search
Close search
Google apps
Main menu
Search Help Center