
DNS Record Explainer

Paste any DNS record and get a plain-English breakdown - every tag explained, risky settings flagged, related tools suggested. No domain needed.

[ OK ] Detected: MTA-STS
input
v=STSv1; id=20260417T000000;
[ explanation · ai ]
[ breakdown ]

v=STSv1
Protocol version identifier. "STSv1" is the only valid value; it tells mail servers which MTA-STS spec to follow when fetching your full policy.

id=20260417T000000
Policy version timestamp in UTC (YYYYMMDDThhmmss format). Mail servers cache your policy; they re-fetch it when this ID changes. Increment it whenever you update policy rules (mode, mx hosts, max_age). The value itself is arbitrary—servers just detect changes.
[ flags ]

Missing required fields. A valid MTA-STS policy needs mode (enforce/testing/none) and at minimum one mx rule. This record is incomplete—it's the `.well-known/mta-sts.txt` file header only, not a full policy.

If you're showing just the TXT record: MTA-STS doesn't use DNS TXT records. The policy lives at `https:///.well-known/mta-sts.txt`. The only DNS part is an optional TXT record at `_mta-sts.` that can advertise the policy ID to speed up re-fetch detection—but it's not required.

If this *is* meant to be the full `.well-known/mta-sts.txt` content: add mode and mx lines. Example:

```
version: STSv1
mode: enforce
mx: mail.example.com
mx: mail2.example.com
max_age: 86400
```
[ context ]

MTA-STS forces other mail servers to use TLS when connecting to your MX hosts, blocking downgrade attacks. Without the full policy (mode + mx list), nothing enforces anything—senders don't know which hosts to trust or whether failure triggers a bounce or fallback to plain SMTP.
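The check below is an added example, not output or code from this tool. It validates a pasted value against the two MTA-STS formats in RFC 8461: the `_mta-sts` TXT record (`v`, `id`) and the HTTPS policy file (`version`, `mode`, `mx`, `max_age`). The function names and the sample policy are constructed for illustration.

```python
import re

# Field rules from RFC 8461: section 3.1 (TXT record), section 3.2 (policy file).
ID_RE = re.compile(r"[A-Za-z0-9]{1,32}")
MODES = ("enforce", "testing", "none")
MAX_AGE_LIMIT = 31557600  # seconds, the RFC's upper bound for max_age


def check_txt_record(value):
    """Return problems found in a `_mta-sts` TXT record value (empty list = OK)."""
    fields = {}
    for part in value.strip().strip('"').split(";"):
        key, sep, val = part.partition("=")
        if sep:
            fields.setdefault(key.strip(), val.strip())
    problems = []
    if fields.get("v") != "STSv1":
        problems.append("v must be STSv1")
    if not ID_RE.fullmatch(fields.get("id", "")):
        problems.append("id must be 1-32 letters or digits")
    return problems


def check_policy_file(body):
    """Return problems found in an mta-sts.txt body, which uses `key: value` lines."""
    single, mx = {}, []
    for line in body.splitlines():
        key, sep, val = line.partition(":")
        if not sep:
            continue  # not a key/value line, e.g. TXT-style `v=STSv1`
        if key.strip() == "mx":
            mx.append(val.strip())
        else:
            single.setdefault(key.strip(), val.strip())  # first occurrence wins
    problems = []
    if single.get("version") != "STSv1":
        problems.append("version must be STSv1")
    if single.get("mode") not in MODES:
        problems.append("mode must be enforce, testing or none")
    if not mx:  # the page's rule: at minimum one mx line
        problems.append("at least one mx line is required")
    age = single.get("max_age", "")
    if not (age.isascii() and age.isdigit() and int(age) <= MAX_AGE_LIMIT):
        problems.append("max_age must be an integer from 0 to 31557600")
    return problems


PASTED = "v=STSv1; id=20260417T000000;"  # the record from this page
POLICY = "version: STSv1\nmode: testing\nmx: mail.example.com\nmax_age: 86400\n"  # constructed
print(check_txt_record(PASTED), check_policy_file(PASTED), check_policy_file(POLICY))
```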
// AI explainer uses Claude Haiku 4.5. Same record pasted twice = served from 7-day cache. Never leaves our servers - no analytics/telemetry on paste content.