Free diagnostic
Check the MTA-STS DNS signal and HTTPS policy using bounded, redirect-free public-network requests with private-address protection.
MTA-STS requires a DNS TXT signal and a policy served over HTTPS from the fixed mta-sts hostname. This tool checks both without following redirects or contacting private network addresses.
A fetchable policy does not prove that every SMTP connection negotiated TLS successfully. Pair MTA-STS with TLS-RPT guidance and ongoing domain monitoring.
Live diagnostic
This anonymous tool is rate limited and does not retain submitted input. It reports observable evidence without promising delivery, authentication alignment, or inbox placement.
No SMTP mailbox probing, account lookup, or tenant data is used.
Related
Implement policy and reporting together.
Inspect the policy's MX dependencies.
Track transport-policy drift.
See how this workflow applies to teams running developer testing, sdks, webhooks, and ci/cd.
Read the supporting guide for practical context around developer testing, sdks, webhooks, and ci/cd.
Review request and response patterns for single validation, bulk verification, suppression, and webhook flows.
Use the REST API reference when validation, bulk jobs, webhooks, reports, or usage need to run from your own systems.
Verify signed callbacks for bulk jobs, reports, sandbox events, delivery logs, and operational automation.
Use the Node and Python clients for validation, sandbox capture, report access, and webhook verification.
Compare validation volume, monitoring, API access, reporting, and workspace limits by plan.
FAQ
