Increase email security with MTA-STS and TLS reporting

3. Publish your MTA-STS policy

Increase email security with authentication and encryption

After creating your policy, upload the file to a public web server where remote servers can access it.

Host server requirements

The web server that hosts your policy must meet these requirements:

  • Supports SSL/HTTPS.
  • Server certificate is signed and trusted by a third-party root certificate authority.

Policy changes

Every time you change the contents of the policy file, you must:

You must also take these steps when changing a policy from testing mode to enforced mode.

Add policy to a web server in your domain

  1. Verify that your domain is set up with a public web server.
  2. Add a subdomain to your domain. The subdomain name must start with mta-sts, for example:
  3. Create a directory named .well-known in the subdomain.
  4. Upload the policy file you created to the .well-known directory.

    An example URL for an MTA-STA policy is:

Next Steps

Turn on MTA-STS and TLS reporting

Was this helpful?

How can we improve it?
Clear search
Close search
Google apps
Main menu