Question 1

Does mastodon.social have an MTA-STS policy?

Accepted Answer

Use the MTA-STS checker above to see if mastodon.social has a published MTA-STS DNS record at _mta-sts.mastodon.social and an HTTPS policy file at mta-sts.mastodon.social/.well-known/mta-sts.txt.

Question 2

Does mastodon.social enforce TLS for email delivery?

Accepted Answer

If mastodon.social has an MTA-STS policy in enforce mode, sending mail servers must use TLS with a valid certificate when delivering email to mastodon.social. If TLS negotiation fails, the email will not be delivered in plaintext — preventing downgrade attacks.

Question 3

Does mastodon.social have TLSRPT reporting configured?

Accepted Answer

TLSRPT (TLS Reporting) is configured via a DNS TXT record at _smtp._tls.mastodon.social. When enabled, sending servers report TLS connection successes and failures back to mastodon.social, providing visibility into email encryption issues.

mastodon.social MTA-STS Policy Check

What is MTA-STS for mastodon.social?

Related Checks for mastodon.social

SSL Certificate

DMARC Record

Health Check