About MTA-STS Records for Inbound Protection

To use MTA-STS to protect SMTP connections sending emails to your domains, you need to add a DNS record and publish a policy for each of the domains. Optionally, you can add a TLS reporting DNS record for each domain to receive reports from TLS peers protected by MTA-STS.

  • The following is an example of the DNS record for MTA-STS:

    _mta-sts.example.com. 3600 IN  TXT v=STSv1; id=20220831012215;
  • The following is an example of the MTA-STS policy for the "example.com" domain, which needs to be published at https://mta-sts.example.com/.well-known/mta-sts.txt:

    version: STSv1
    mode: enforce
    mx: *.in.tmes.trendmicro.com
    mx: *.tmes.trendmicro.com
    max_age: 604800
    Note:
    Set mx based on your serving site.

    Serving Site

    mx Value

    North America, Latin America and Asia Pacific

    • *.in.tmes.trendmicro.com

    • *.tmes.trendmicro.com

    Europe, the Middle East and Africa

    • *.in.tmes.trendmicro.eu

    • *.tmes.trendmicro.eu

    Australia and New Zealand

    • *.in.tmes-anz.trendmicro.com

    • *.tmes-anz.trendmicro.com

    Japan

    • *.in.tmems-jp.trendmicro.com

    • *.tmems-jp.trendmicro.com

    Singapore

    • *.in.tmes-sg.trendmicro.com

    • *.tmes-sg.trendmicro.com

    India

    • *.in.tmes-in.trendmicro.com

    • *.tmes-in.trendmicro.com

  • The following is an example of the DNS record for TLS reporting:

    _smtp._tls.example.com. 3600 IN TXT v=TLSRPTv1;rua=mailto:reports@example.com