Increase SMTP security (MTA-STS and TLS)
3. Publish your MTA-STS policy
After creating your policy, upload the file to a public web server where remote servers can access it.
Host server requirements
The web server that hosts your policy must meet these requirements:
- Supports SSL/HTTPS.
- Server certificate is signed and trusted by a third-party root certificate authority.
Every time you change the contents of the policy file, you must:
- Update the policy file on the public web server.
- Change the policy ID in the DNS records. Learn more at Turn on MTA-STS and TLS reporting.
You must also take these steps when changing a policy from testing mode to enforced mode.
Add policy to a web server in your domain
- Verify that your domain is set up with a public web server.
- Add a subdomain to your domain. The subdomain name must start with mta-sts, for example:
- Create a directory named .well-known in the subdomain.
- Upload the policy file you created to the .well-known directory.
An example URL for an MTA-STA policy is: