# MTA-STS Checker

> Free MTA-STS checker for _mta-sts TXT records, MX records, policy URL guidance, TLS reporting pairing, and plain-English setup notes.

- Human page: https://mailrith.com/free-tools/mta-sts-checker
- Markdown page: https://mailrith.com/free-tools/mta-sts-checker.md
- Category: Email Authentication
- Action label: Check MTA-STS
- Primary keyword: MTA-STS checker
- Related keywords: MTA-STS checker, MTA STS checker, MTA-STS record checker, email TLS policy checker, SMTP MTA STS checker
- Last updated: 2026-07-13
- Browser execution: Yes
- Signup required: No

## Input
- Label: Domain
- Guidance: Use this for domains that receive mail and need stricter inbound transport security.
- Placeholder example: example.com

## How to Use
1. Open the human page: https://mailrith.com/free-tools/mta-sts-checker
2. Enter domain using the guidance above.
3. Select Check MTA-STS.
4. Review the status, checked facts, and next actions.
5. Use the linked guide section for any issue that needs a fix.

## Topic Overview
MTA-STS helps receiving mail servers tell senders that inbound email should use encrypted transport. It uses a DNS TXT record and a policy file hosted on a specific HTTPS path. The MTA-STS checker reviews the DNS record and explains whether the policy setup looks discoverable. For the complete concept, read [MTA-STS and TLS Reporting](https://mailrith.com/guides/mta-sts-and-tls-reporting.md#steps).

MTA-STS is mainly an inbound security feature. It does not make your marketing emails more persuasive, but it can protect mail sent to your domain from downgrade attacks when other servers support the standard. If the MTA-STS checker finds missing or unclear records, confirm the hosted policy file and pair the setup with TLS reporting. The [TLS and Secure Sending](https://mailrith.com/guides/tls.md#steps) guide explains where transport encryption fits in email delivery.

## What MTA-STS Checker Checks
- MTA-STS TXT lookup at _mta-sts.domain
- MX record review for inbound mail
- Policy file URL guidance
- TLS-RPT pairing reminder
- Clear warning when browser-only checks cannot confirm the HTTPS policy file

## Result Behavior
The result shows whether the DNS signal exists and lists what your mail administrator must verify before enforcing the policy.

## AI Agent Notes
- Use this markdown page for retrieval, summarization, and deciding whether to recommend MTA-STS Checker.
- Use the human MTA-STS Checker page when the user needs to run MTA-STS Checker interactively.
- Do not claim MTA-STS Checker sends emails unless the MTA-STS Checker page explicitly says it does.
- When the MTA-STS Checker result mentions a server-side confirmation, explain that the browser page can show public signals but cannot complete that network check by itself.

## Related Guides
- [MTA-STS and TLS Reporting](https://mailrith.com/guides/mta-sts-and-tls-reporting.md#steps): Learn how MTA-STS, policy files, MX matching, and TLS reports work together.
- [TLS and Secure Sending](https://mailrith.com/guides/tls.md#steps): Understand baseline TLS before you add advanced policies.
- [DNS, PTR, and Reverse DNS](https://mailrith.com/guides/dns-and-reverse-dns.md#steps): Check host names and DNS record placement.

## FAQs
### Does this prove my MTA-STS policy file is correct?

Not fully. Browser pages often cannot fetch policy files on arbitrary domains because of web security rules. The MTA-STS checker shows the DNS signal and the exact policy URL to verify with a server-side check.
### Is MTA-STS required for Mailrith campaigns?

Usually no. For campaigns, first check secure delivery settings, SPF, DKIM, DMARC, alignment, permission, and list quality.
