MTA-STS & TLS-RPT
Look up a domain's MTA-STS policy and TLS-RPT reporting — the DNS record, the published policy file and its enforcement mode — with a graded breakdown of how well inbound mail is protected in transit.
What are MTA-STS and TLS-RPT?
MTA-STS (SMTP MTA Strict Transport Security) lets a domain tell sending servers that mail must be delivered over a secure, authenticated TLS connection. It combines a DNS record at _mta-sts with a policy file served over HTTPS that lists the valid mail servers and an enforcement mode. With mode: enforce, senders refuse to deliver if TLS can't be negotiated — closing the door on downgrade and man-in-the-middle attacks.
TLS-RPT (SMTP TLS Reporting) is the companion record at _smtp._tls. It publishes a rua address where sending servers send daily reports about TLS and MTA-STS delivery problems, so you can spot misconfigurations before they cause mail to fail.