Increase SMTP security (MTA-STS and TLS)

1. Check your MTA-STS configuration

Increase email security with authentication and encryption

Skip this step if your domain has never used MTA-STS

If your domain has never used MTA-STS, skip this step and go to Create an MTA-STS policy.

Before you set up MTA-STS for Gmail, check current the MTA-STS configuration for your Gmail domains. You can see which domains do not have a configuration, or have an invalid configuration.

This feature is available with G Suite Enterprise, Cloud Identity Premium, G Suite Enterprise for Education, and G Suite for Education.

Check your domain MTA-STS configuration

You must be signed in as an administrator for this task. Learn more about admin privileges for the security center.

  1. Sign in to your Google Admin console.

    Sign in using your administrator account (does not end in @gmail.com).

  2. Go to Security > Security Health.
  3. From Security Health, go to MTA-STS.
  4. The MTA-STS configuration status for your G Suite domains is in the Status column:
    • Correctly configured: The domain has a valid MTA-STS configuration.
    • Configured for all domains: All domains have a valid MTA-STS configuration.
    • Missing or misconfigured: One or more domains do not have an MTA-STS configuration, or have an invalid configuration.
  5. For missing or invalid configurations, click the domains link in the status message to see which domains have a missing or invalid MTA-STS configuration.

Note: The MTA-STS health check displays only one issue at a time for each domain, even if the domain has more than one issue. Add or fix the MTA-STS issue to resolve the issue, then run the security health check again to see any other issues.

Add or fix an MTA-STS configuration

To add or fix a configuration for one or more domains, go to Create an MTA-STS policy.

Was this helpful?
How can we improve it?