{"id":25083893,"url":"https://github.com/sh4d1/mta-sts","last_synced_at":"2026-02-16T00:01:49.054Z","repository":{"id":229692193,"uuid":"777393176","full_name":"Sh4d1/mta-sts","owner":"Sh4d1","description":null,"archived":false,"fork":false,"pushed_at":"2024-03-25T19:18:08.000Z","size":7,"stargazers_count":0,"open_issues_count":0,"forks_count":0,"subscribers_count":1,"default_branch":"gh-pages","last_synced_at":"2025-10-06T12:07:40.093Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"HTML","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/Sh4d1.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE.md","code_of_conduct":"CODE_OF_CONDUCT.md","threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null}},"created_at":"2024-03-25T19:10:32.000Z","updated_at":"2024-03-25T19:10:37.000Z","dependencies_parsed_at":"2024-03-25T20:31:45.748Z","dependency_job_id":"d0e127f1-ec36-44cc-8225-837919ba44d1","html_url":"https://github.com/Sh4d1/mta-sts","commit_stats":null,"previous_names":["sh4d1/mta-sts"],"tags_count":0,"template":false,"template_full_name":"jpawlowski/mta-sts.template","purl":"pkg:github/Sh4d1/mta-sts","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Sh4d1%2Fmta-sts","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Sh4d1%2Fmta-sts/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Sh4d1%2Fmta-sts/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Sh4d1%2Fmta-sts/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/Sh4d1","download_url":"https://codeload.github.com/Sh4d1/mta-sts/tar.gz/refs/heads/gh-pages","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Sh4d1%2Fmta-sts/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":29494188,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-02-16T00:00:57.352Z","status":"ssl_error","status_checked_at":"2026-02-15T23:56:34.338Z","response_time":118,"last_error":"SSL_connect returned=1 errno=0 peeraddr=140.82.121.6:443 state=error: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2025-02-07T06:29:33.872Z","updated_at":"2026-02-16T00:01:49.033Z","avatar_url":"https://github.com/Sh4d1.png","language":"HTML","funding_links":[],"categories":[],"sub_categories":[],"readme":"\u003ch1 align=\"center\"\u003e\n  \u003cbr\u003e\n  📩 A Template to host an MTA-STS Policy file on GitHub\n  \u003cbr\u003e\n\u003c/h1\u003e\n\n\u003ch4 align=\"center\"\u003eUse this template to host your \u003ci\u003eMTA Strict Transport Security (MTA-STS)\u003c/i\u003e \u003ca href=\"https://datatracker.ietf.org/doc/html/rfc8461\"\u003e[RFC 8461]\u003c/a\u003e policy file on GitHub Pages.\u003c/h4\u003e\n\n\u003cp align=\"center\"\u003e\n  \u003ca href=\"#how-to-use\"\u003eHow To Use\u003c/a\u003e •\n  \u003ca href=\"#license\"\u003eLicense\u003c/a\u003e •\n  \u003ca href=\"#author\"\u003eAuthor\u003c/a\u003e\n\u003c/p\u003e\n\nMTA-STS is a security standard to secure e-mail delivery. E-mail servers that send inbound e-mail to your domain will be able to detect that your e-mail server supports SMTP-over-TLS via `STARTTLS` (also known as [Opportunistic TLS](https://en.wikipedia.org/wiki/Opportunistic_TLS)) before opening the actual connection.\n\nIn case the sending e-mail server is not able to initiate a secure connection, it will end the connection to enforce transport layer encryption. This mitigates [Man-in-the-middle](https://en.wikipedia.org/wiki/Man-in-the-middle_attack) DNS and SMTP [downgrade attacks](https://en.wikipedia.org/wiki/Downgrade_attack) that would allow an attacker to read or manipulate e-mail in transit.\n\n## How To Use\n\n1. Make sure you are [signed in to GitHub](https://github.com/login). Then click on [**Use this template**](https://github.com/jpawlowski/mta-sts.template/generate) to create a copy to your own GitHub profile (see [GitHub Docs](https://docs.github.com/en/repositories/creating-and-managing-repositories/creating-a-repository-from-a-template)). Don't _clone_ the repository.\n   You may name your repository whatever you like. For simplicity, you can name it `mta-sts.\u003cyour_domain.tld\u003e`.\n\n2. Change the file `.well-known/mta-sts.txt` according to your needs.\n\n3. Create a `CNAME` record for `mta-sts.\u003cyour_domain.tld\u003e` in your domain's DNS that points to `\u003cyour_username\u003e.github.io` or `\u003cyour_organization\u003e.github.io` and [enable GitHub Pages](https://docs.github.com/articles/using-a-custom-domain-with-github-pages/).\n\n4. Open a browser to `https://mta-sts.\u003cyour_domain.tld\u003e` and make sure it does not show any certificate warnings.\n\n5. Create a `TXT` record for `_mta-sts.\u003cyour_domain.tld\u003e` in your domain's DNS to enable the MTA-STS policy for your domain.\n\n   You may copy \u0026 paste this to your DNS provider:\n\n   ```dns\n   #HOST       #TTL    #TYPE    #VALUE\n   _mta-sts    3600    TXT      \"v=STSv1; id=20220317000000Z\"\n   ```\n\n   **Note that you will need to change the `id=` here whenever you make changes to your `mta-sts.txt` policy file.**\n\n6. Validate your setup, for example by using the [MTA-STS Lookup by MXToolBox](https://mxtoolbox.com/mta-sts.aspx), or looking into your [Hardenize Public Report](https://www.hardenize.com/).\n\n_Optional (but **highly recommended**):_\n\n7. Create another `TXT` record for `_smtp._tls.\u003cyour_domain.tld\u003e` in your domain's DNS to enable reporting (see [RFC 8460](https://datatracker.ietf.org/doc/html/rfc8460)).\n   You may copy \u0026 paste this to your DNS provider:\n\n   ```dns\n   #HOST         #TTL    #TYPE    #VALUE\n   _smtp._tls    3600    TXT      \"v=TLSRPTv1; rua=mailto:tls-rua@mailcheck.\u003cyour_domain.tld\u003e\"\n   ```\n\n   Note that the e-mail recipient mailbox shall be on a different domain _without_ MTA-STS being configured. This could be a subdomain like `mailcheck.\u003cyour_domain.tld\u003e`.\n   It is also quite painful to manually deal with the reports other e-mail providers will send to you. For that particular reason, you may want to consider sending these e-mails to a 3rd-party tool like [Report URI](https://report-uri.com/), [URIports](https://www.uriports.com/), or from other commercial providers.\n\n   You probably want this to be the same tool you might use for DMARC reports, like [DMARC Analyzer](https://www.dmarcanalyzer.com/) or [Dmarcian](https://dmarcian.com/).\n\n## License\n\n[MIT License](https://github.com/jpawlowski/mta-sts.template/blob/gh-pages/LICENSE)\n\n## Author\n\n[julian.pawlowski.me](https://julian.pawlowski.me/) \u0026nbsp;\u0026middot;\u0026nbsp;\nGitHub [@jpawlowski](https://github.com/jpawlowski/mta-sts.template) \u0026nbsp;\u0026middot;\u0026nbsp;\nMastodon [@Loredo@chaos.social](https://chaos.social/@Loredo)\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fsh4d1%2Fmta-sts","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fsh4d1%2Fmta-sts","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fsh4d1%2Fmta-sts/lists"}