methodology / Security & Infrastructure (email transport) / #24

MTA-STS & TLS-RPT

live factor #24 · Security & Infrastructure (email transport) · scoring impl: implemented · weight 1.3%

What we measure

MTA-STS forces incoming mail to use TLS encryption. Without it, mail can be downgraded to plaintext by attackers. TLS-RPT gives you reports when something goes wrong.

How to improve your score

Publish `_mta-sts.<domain>` TXT record + `mta-sts.<domain>/.well-known/mta-sts.txt` policy file. Add `_smtp._tls.<domain>` TXT for reporting.

Data source

Data source for this factor is not yet documented.

Scoring

Scoring formulas are versioned with the methodology. The current method (v1.1.0) maps raw measurements to pass, warn, fail. Factor weights determine how much each contributes to the composite — see the methodology index for the full table.

Version history

← back to methodology