With these instructions we will take you through the step-by-step process of configuring MTA-STS and enable SMTP TLS reporting for your domain on the DMARCDirector dashboard.
/msdyn_blobfile/$value)
/msdyn_blobfile/$value)
/msdyn_blobfile/$value)
If you don’t have MTA-STS or TLS-RPT enabled for your domain, the display page would look something like this:
/msdyn_blobfile/$value)
Note: The 1st CNAME record points to the server that is hosting your MTA-STS policy file. The 2nd CNAME record for MTA-STS is a DNS record to configure MTA-STS for your domain. Finally, the 3rd CNAME record is a DNS record to enable SMTP TLS reports for your domain.
/msdyn_blobfile/$value)
/msdyn_blobfile/$value)
/msdyn_blobfile/$value)
A prompt will show that the process for generating the MTA-STS policy file and TLS certificate has been initiated. Click on "Got it" to continue. Note that this might take up to 60 minutes. You will then need to wait until your screen is loading and files are being hosted and generated in the background.
/msdyn_blobfile/$value)
/msdyn_blobfile/$value)
/msdyn_blobfile/$value)
On this page, you will be able to see the DNS TXT record for MTA-STS that is published in the DNS of your domain. If your MTA-STS DNS TXT record is valid, you will see a Yes status being displayed adjacent to it. Similarly, you can check the validity and accessibility of your MTA-STS policy file on the page, as shown below.
/msdyn_blobfile/$value)
You can click on the URL provided for your hosted MTA-STS policy file to access the live policy file, as shown below:
/msdyn_blobfile/$value)
Your hosted policy file would look something like this when you click on the URL to view it:
/msdyn_blobfile/$value)
Changing Your MTA-STS Policy Mode
To change your MTA-STS policy mode, all you need to do is navigate to Mode and select your desired mode from the cascading menu.
/msdyn_blobfile/$value)
Adding an Email Address for Your TLS Aggregate Reports
You will find that the email address to which you want your generated TLS aggregate reports to be sent to, is already being displayed in the Aggregate (RUA) Report email addresses. These changes can take up to 15 minutes for the changes to be applied.
/msdyn_blobfile/$value)
Once the changes are effective, you will be able to see the new email address you added being displayed on your TLS DNS TXT record as well.
/msdyn_blobfile/$value)
I hope that this article aides you in configuring PowerMTA-STS and PowerTLS-RPT for your domain. If you have any further queries, get in touch with our support at DMARC@tangent.com.
- Login to your DMARCDirector account.
- Once logged in, on the left-hand side menu displaying the various features, navigate to and click on PowerMTA-STS tab as shown below:
- Under Domain, select your domain on the PowerMTA-STS page by cascading the Domain dropdown menu. After selecting your domain, the page will open to display all the current MTA-STS record configuration for that domain.
If you don’t have MTA-STS or TLS-RPT enabled for your domain, the display page would look something like this:
- In order to deploy MTA-STS and enable TLS-RPT for your domain, all you need to do is simply navigate to the right side of the screen and publish the 3 CNAME records that have already been automatically generated for you, in your domain's DNS.
Note: The 1st CNAME record points to the server that is hosting your MTA-STS policy file. The 2nd CNAME record for MTA-STS is a DNS record to configure MTA-STS for your domain. Finally, the 3rd CNAME record is a DNS record to enable SMTP TLS reports for your domain.
- After publishing the 3 CNAME records in your DNS, you can go ahead and validate your records to confirm that they have been implemented correctly by clicking on Validate.
- Once you click on "Validate Record" there will be a prompt appearing on your screen asking you if you're sure that you want to generate and host the policy file for MTA-STS and the TLS certificate. Click on Continue progress to complete the process.
A prompt will show that the process for generating the MTA-STS policy file and TLS certificate has been initiated. Click on "Got it" to continue. Note that this might take up to 60 minutes. You will then need to wait until your screen is loading and files are being hosted and generated in the background.
- Once completed the screen will automatically refresh to show you the MTA-STS configuration for your domain. Below is an example of a domain that has MTA-STS successfully configured for it:
On this page, you will be able to see the DNS TXT record for MTA-STS that is published in the DNS of your domain. If your MTA-STS DNS TXT record is valid, you will see a Yes status being displayed adjacent to it. Similarly, you can check the validity and accessibility of your MTA-STS policy file on the page, as shown below.
You can click on the URL provided for your hosted MTA-STS policy file to access the live policy file, as shown below:
Your hosted policy file would look something like this when you click on the URL to view it:
Changing Your MTA-STS Policy Mode
To change your MTA-STS policy mode, all you need to do is navigate to Mode and select your desired mode from the cascading menu.
Adding an Email Address for Your TLS Aggregate Reports
You will find that the email address to which you want your generated TLS aggregate reports to be sent to, is already being displayed in the Aggregate (RUA) Report email addresses. These changes can take up to 15 minutes for the changes to be applied.
Once the changes are effective, you will be able to see the new email address you added being displayed on your TLS DNS TXT record as well.
I hope that this article aides you in configuring PowerMTA-STS and PowerTLS-RPT for your domain. If you have any further queries, get in touch with our support at DMARC@tangent.com.