MTA‑STS is a standard that lets a domain publish a policy to require TLS for inbound SMTP connections.
The policy is served as a plain‑text file at https://mta‑sts. and is announced by a DNS TXT record _mta‑sts..
When the mode is set to enforce, sending servers must negotiate TLS with a matching MX host and a valid certificate; otherwise the mail is rejected or queued for later retry.
Optionally a TLS‑RPT record can be added to receive daily reports about TLS successes and failures.