Inbound TLS policy check
MTA-STS Checker
Check whether a domain publishes an MTA-STS TXT record, TLS-RPT reporting record, and serves a valid HTTPS policy file. MTA-STS helps protect inbound mail delivery by requiring TLS for mail sent to your domain.
This checks _mta-sts.domain, _smtp._tls.domain and https://mta-sts.domain/.well-known/mta-sts.txt.
Privacy note: this only sends the domain name to the lookup API. No email headers or message content are used.
What MTA-STS checks
MTA-STS is different from SPF, DKIM and DMARC. SPF, DKIM and DMARC are about sender authentication. MTA-STS is about securing inbound SMTP delivery to your mail servers with TLS.
TLS-RPT is the reporting side of inbound TLS: it lets receiving domains get reports when sending servers cannot negotiate TLS or match the declared MTA-STS policy.