To use MTA-STS to protect SMTP connections sending emails to your domains, you need to add a DNS record and publish a policy for each of the domains. Optionally, you can add a TLS reporting DNS record for each domain to receive reports from TLS peers protected by MTA-STS.
The following is an example of the DNS record for MTA-STS:
_mta-sts.example.com. 3600 IN TXT v=STSv1; id=20220831012215;
The following is an example of the MTA-STS policy for the "example.com" domain, which needs to be published at https://mta-sts.example.com/.well-known/mta-sts.txt:
version: STSv1 mode: enforce mx: *.in.tmes.trendmicro.com mx: *.tmes.trendmicro.com max_age: 604800
Serving Site |
mx Value |
---|---|
North America, Latin America and Asia Pacific |
|
Europe, the Middle East and Africa |
|
Australia and New Zealand |
|
Japan |
|
Singapore |
|
India |
|
The following is an example of the DNS record for TLS reporting:
_smtp._tls.example.com. 3600 IN TXT v=TLSRPTv1;rua=mailto:reports@example.com