What is MTA-STS hosting?

MTA-STS hosting is a service that hosts your MTA-STS policy file at the required HTTPS endpoint (https://mta-sts.yourdomain.com/.well-known/mta-sts.txt) so you don't need to set up and maintain a web server yourself. You just add DNS records pointing to the hosting service.

Is CaptainDNS MTA-STS hosting really free?

Yes, our MTA-STS hosting service is completely free. We believe every domain should be able to deploy MTA-STS regardless of technical resources. There are no hidden fees or premium tiers for basic policy hosting.

How does MTA-STS hosting work?

You create a policy in our dashboard, verify domain ownership via a DNS TXT record, then add a CNAME record pointing mta-sts.yourdomain.com to our servers. We serve your policy file over HTTPS with a valid certificate. You also add a _mta-sts TXT record to advertise the policy to sending mail servers.

Do I still need to manage DNS records?

Yes, you need to add three DNS records: a TXT record for domain verification, a CNAME for the policy endpoint, and a TXT record at _mta-sts to advertise your policy. We provide the exact values to copy and verify they're correctly configured.

Can I switch from self-hosting to CaptainDNS hosting?

Yes, simply create a policy in our dashboard and update your DNS records. Change the A/AAAA record for mta-sts.yourdomain.com to a CNAME pointing to our server. The transition is seamless for sending mail servers.

What happens if the hosting service goes down?

Sending servers cache your MTA-STS policy based on the max_age value. If our service is temporarily unavailable, cached policies continue to protect your email. We maintain high availability with redundant infrastructure.

Free MTA-STS Hosting - Automated Policy Hosting & DNS Deployment

Why use hosted MTA-STS?

MTA-STS (RFC 8461) requires hosting a policy file at https://mta-sts.yourdomain.com/.well-known/mta-sts.txt. This means you need:

A subdomain with a valid HTTPS certificate
A web server to serve the policy file
Ongoing maintenance to keep certificates renewed

With hosted MTA-STS, you skip all of that. Just add DNS records and we handle the HTTPS hosting, certificate management, and policy serving.

CNAME: Points mta-sts.yourdomain.com to our policy server
TXT: Advertises your MTA-STS policy at _mta-sts.yourdomain.com

That's it. Your MTA-STS policy is live and serving.

When to use hosted vs. self-hosted MTA-STS

Feature	Hosted (CaptainDNS)	Self-hosted
Web server setup	Not needed	Required
HTTPS certificate	Automatic	Manual (Let's Encrypt, etc.)
Policy updates	Dashboard + auto rotation	Manual file editing
Multiple domains	Single dashboard	Per-domain server config
Downtime risk	Redundant infrastructure	Depends on your setup
Cost	Free	Server hosting costs

Choose hosted if you want zero infrastructure overhead. Choose self-hosted if you need full control over the policy endpoint.

Complementary tools

Tool	Description
MTA-STS Generator	Generate MTA-STS records and policy files
MTA-STS Record Checker	Validate your MTA-STS configuration
MTA-STS Syntax Checker	Validate MTA-STS syntax offline
TLS-RPT Generator	Set up TLS reporting alongside MTA-STS

Free MTA-STS Hosting

Automated MTA-STS policy hosting for any domain

No web server needed

Automatic HTTPS

DNS verification

Policy management

Multiple domains

Why use hosted MTA-STS?

How it works

1. Create your policy

2. Verify domain ownership

3. Add deployment DNS records

When to use hosted vs. self-hosted MTA-STS

Complementary tools