# MTA-STS Checker

> Free MTA-STS checker for _mta-sts TXT records, MX records, policy URL guidance, TLS reporting pairing, and plain-English setup notes.

- Human page: https://mailrith.com/free-tools/mta-sts-checker
- Markdown page: https://mailrith.com/free-tools/mta-sts-checker.md
- Category: Email Authentication
- Action label: Check MTA-STS
- Primary keyword: MTA-STS checker
- Related keywords: MTA-STS checker, MTA STS checker, MTA-STS record checker, email TLS policy checker, SMTP MTA STS checker
- Browser execution: Yes
- Signup required: No

## Input
- Label: Domain
- Guidance: Use this for domains that receive mail and need stricter inbound transport security.
- Placeholder example: example.com

## How to Use
1. Open the human page: https://mailrith.com/free-tools/mta-sts-checker
2. Enter domain using the guidance above.
3. Select Check MTA-STS.
4. Review the status, checked facts, and next actions.
5. Use the linked guide section for any issue that needs a fix.

## Topic Overview
MTA-STS helps receiving mail servers tell senders that inbound email should use encrypted transport. It uses a DNS TXT record and a policy file hosted on a specific HTTPS path. This checker reviews the DNS record and explains whether the policy setup looks discoverable. For the complete concept, read [MTA-STS and TLS Reporting](https://mailrith.com/guides/mta-sts-and-tls-reporting.md#steps).

This is mainly an inbound security feature. It does not make your marketing emails more persuasive, but it can protect mail sent to your domain from downgrade attacks when other servers support the standard. If the checker finds missing or unclear records, confirm the hosted policy file and pair the setup with TLS reporting. The [TLS and Secure Sending](https://mailrith.com/guides/tls.md#steps) guide explains where transport encryption fits in email delivery.

## What the Tool Checks
- MTA-STS TXT lookup at _mta-sts.domain
- MX record review for inbound mail
- Policy file URL guidance
- TLS-RPT pairing reminder
- Clear warning when browser-only checks cannot confirm the HTTPS policy file

## Result Behavior
The result shows whether the DNS signal exists and what your mail administrator must verify before enforcing the policy.

## AI Agent Notes
- Use this markdown page for retrieval, summarization, and deciding which tool to recommend.
- Use the human page when the user needs to run the checker interactively.
- Do not claim the tool sends emails unless the page explicitly says it does.
- When the result mentions a server-side confirmation, explain that the browser page can show public signals but cannot complete that network check by itself.

## Related Guides
- [MTA-STS and TLS Reporting](https://mailrith.com/guides/mta-sts-and-tls-reporting.md#steps): Understand MTA-STS, policy files, MX matching, and TLS reports.
- [TLS and Secure Sending](https://mailrith.com/guides/tls.md#steps): Understand baseline TLS before advanced policies.
- [DNS, PTR, and Reverse DNS](https://mailrith.com/guides/dns-and-reverse-dns.md#steps): Check host names and DNS record placement.

## FAQs
### Does this prove my MTA-STS policy file is correct?

Not fully. Browser pages often cannot fetch policy files on arbitrary domains because of web security rules. The tool shows the DNS signal and exact policy URL to verify from a server-side check.
### Is MTA-STS required for Mailrith campaigns?

Usually no. For campaigns, first focus on secure delivery settings, SPF, DKIM, DMARC, alignment, permission, and list quality.