trustyourinbox

MTA-STS, checked end to end.

Paste any domain. We resolve the _mta-sts DNS pointer, fetch the policy file over HTTPS, and compare its mx:patterns against your live MX records, then explain what’s enforced, what’s drifting, and what to do next.

What we check: the _mta-sts.<domain> TXT pointer, the policy file at https://mta-sts.<domain>/.well-known/mta-sts.txt, the policy’s mode and max_age, and whether its mx:patterns cover your current MX records. Public DNS + a single HTTPS GET only. We don’t send any mail.

Read more: MTA-STS and TLS-RPT explained.

See also: DMARC audit · SPF tester · All free tools · Built by trustyourinbox.