Increase SMTP security (MTA-STS and TLS)

3. Publish your MTA-STS policy

Increase email security with authentication and encryption

After creating your policy, upload the file to a public web server where remote servers can access it.

Host server requirements

The web server that hosts your policy must meet these requirements:

  • Supports SSL/HTTPS.
  • Server certificate is signed and trusted by a third-party root certificate authority.

Policy changes

Every time you change the contents of the policy file, you must:

You must also take these steps when changing a policy from testing mode to enforced mode.

Add policy to a web server in your domain

  1. Verify that your domain is set up with a public web server.
  2. Add a subdomain to your domain. The subdomain name must start with mta-sts, for example:
    mta-sts.solarmora.com
  3. Create a directory named .well-known in the subdomain.
  4. Upload the policy file you created to the .well-known directory.

    An example URL for an MTA-STA policy is:
    https://mta-sts.solarmora.com/.well-known/mta-sts.txt

Next Steps

Turn on MTA-STS and TLS reporting

Was this helpful?
How can we improve it?