https://github.com/joscha/mta-sts-cloudflare

A Cloudflare worker for mta-sts policy files
https://github.com/joscha/mta-sts-cloudflare

cloudflare email mta-sts security

Last synced: 3 months ago
JSON representation

A Cloudflare worker for mta-sts policy files

• Host: GitHub
• URL: https://github.com/joscha/mta-sts-cloudflare
• Owner: joscha
• Created: 2025-07-17T14:34:03.000Z (6 months ago)
• Default Branch: master
• Last Pushed: 2025-07-17T15:42:46.000Z (6 months ago)
• Last Synced: 2025-08-03T23:59:15.730Z (5 months ago)
• Topics: cloudflare, email, mta-sts, security
• Language: TypeScript
• Homepage:
• Size: 8.79 KB
• Stars: 0
• Watchers: 0
• Forks: 0
• Open Issues: 0
• Metadata Files:
  • Readme: README.md

Awesome Lists containing this project

README

          
# `mta-sts` Cloudlfare worker

Template for a Cloudflare worker for handling the MTA STS policy file.

Create a copy of this template and connect it via the github feature from Cloudflare workers:



and then: 



---

This worker is designed to be able to neatly handle MTA-STS policies for multiple domains.

- Make a new worker with this script and add your domains to the `stsPolicies` dict like the example.

- Add a DNS `AAAA` record for `mta-sts.yourdomain.com` pointing to `100::` and set to proxied,

- Then add a workers route for `mta-sts.yourdomain.com/*` pointing to this worker.

- You should probably also create a Cloudflare configuration rule disabling Browser Integrity Check for the mta-sts subdomain to ensure MTAs aren't blocked from retrieving your policy.

- You'll still need to manually add the appropriate `_mta-sts.yourdomain.com` `TXT` record to enable the policy, and the `_smtp._tls.yourdomain.com` `TXT` record for reporting.

---