A large recipient asks whether we use MTA-STS
MTA-STS forces incoming mail to your domain to always travel over TLS. A small policy file and two DNS records, nothing exotic.
Try this first
- 1Host a text file at mta-sts.yourdomain/.well-known/mta-sts.txt with a mode line and your MX names.
- 2Add a TXT record at _mta-sts.yourdomain with a version and id field.
- 3Start in mode 'testing' and let it run for a few weeks. Only then switch to 'enforce'.
- 4Also enable TLS-RPT (see separate entry) so you receive reports of failed TLS connections.
When to bring us in
The policy file has to be reachable via HTTPS on a subdomain, which touches both hosting and DNS. If that is not your area, we will set it up for you.
See also
- Our emails land in spam for some recipientsAlmost always an SPF, DKIM, or DMARC setting that is wrong or missing, or a sender name that mimics a well-known brand.
- Someone reports receiving phishing emails "from us"Read: spoofing. Someone is abusing your sender name, not necessarily your actual mailbox.
- An email bounces (NDR): delivery failedThe NDR text usually states the exact reason. Reading it is step one.
None of the above fits?
Describe your situation below. We pass your input plus the steps you already saw to our AI and return tailored next-step advice. If it's too risky to DIY, we'll say so.
Or skip the DIY entirely
Our Managed IT clients do not look these things up. One point of contact, a fixed monthly price, resolved within working hours.