Is MTA-STS a replacement for SPF, DKIM and DMARC?

No. MTA-STS secures SMTP transport and complements authentication protocols.

What is required for MTA-STS?

You need a TXT record under _mta-sts and a valid HTTPS policy file on mta-sts.yourdomain.

MTA-STS tells sending servers to use secure TLS when delivering email to your domain and helps reduce downgrade attacks.

Domain

Email (for paid PDF delivery)

Free scan = summary. Paid report = complete hardening roadmap.

Includes MTA-STS and TLS-RPT implementation checklist plus core deliverability fixes.

Publish _mta-sts TXT with v=STSv1; id=....

Host /.well-known/mta-sts.txt at mta-sts.yourdomain.

The policy endpoint must serve HTTPS with a trusted certificate.

Use SPF, DKIM and DMARC alongside MTA-STS for full protection.

Preview

Run a free scan to see the summary here...