MTA-STS Policy for getopensocial.com

This repository hosts the MTA-STS (Mail Transfer Agent Strict Transport Security) policy file for getopensocial.com.

What is MTA-STS?

MTA-STS is a security standard that helps protect email delivery by ensuring that email servers only accept connections over encrypted TLS (Transport Layer Security) channels. It prevents man-in-the-middle attacks and downgrade attacks on email transmission.

When properly configured, MTA-STS tells sending mail servers:

• Which mail servers are authorized to receive email for the domain
• That connections must use valid TLS certificates
• That connections must not be downgraded to unencrypted channels

How It Works

This repository uses GitHub Pages to serve the MTA-STS policy file at:

https://mta-sts.getopensocial.com/.well-known/mta-sts.txt

The policy file specifies:

• Version: STSv1 (the current MTA-STS specification)
• Mode: testing (monitoring mode - can be changed to enforce after verification)
• MX Records: Authorized mail servers for getopensocial.com (Google Workspace)
• Max Age: How long the policy should be cached (7 days)

Current Policy

The policy file is located at docs/.well-known/mta-sts.txt.

Verification

You can verify the MTA-STS configuration for getopensocial.com using:

• MXToolbox MTA-STS Lookup
• Direct access: https://mta-sts.getopensocial.com/.well-known/mta-sts.txt

Repository Structure

docs/
├── .well-known/
│   └── mta-sts.txt          # MTA-STS policy file
├── CNAME                    # Custom domain configuration
└── .nojekyll                # Disables Jekyll processing

Learn More

• RFC 8461: SMTP MTA Strict Transport Security (MTA-STS)
• Google Workspace MTA-STS Documentation