Contents
1. MTA-STS
RFC8461 SMTP MTA Strict Transport Security (MTA-STS)
https://datatracker.ietf.org/doc/html/rfc8461
https://maildata.jp/specification/mta-sts.html
1.1. The MTA-STS process
3.1. MTA-STS TXT Records
- The MTA-STS TXT record is a TXT record with the name "_mta-sts" at the Policy Domain. For the domain "example.com", this record would be "_mta-sts.example.com". MTA-STS TXT records MUST be US-ASCII, semicolon-separated key/value pairs containing the following fields:
_mta-sts.gmail.com. 300 IN TXT "v=STSv1; id=20190429T010101;"
- The id is 1 to 32 alphanumeric characters.
3.2. MTA-STS Policies
- The policy itself is a set of key/value pairs (similar to header fields in [RFC5322]) served via the HTTPS GET method from the fixed "well-known" [RFC5785] path of ".well-known/mta-sts.txt" served by the Policy Host.
The Policy Host DNS name is constructed by prepending "mta-sts" to the Policy Domain.
Following RFC 5785, the policy file is stored in the ".well-known" directory under the file name "mta-sts.txt".
https://mta-sts.gmail.com/.well-known/mta-sts.txt
version: STSv1
mode: enforce
mx: gmail-smtp-in.l.google.com
mx: *.gmail-smtp-in.l.google.com
max_age: 86400
1.2. Connection procedure
5.1. Policy Application Control Flow
- For each candidate MX, in order of MX priority, attempt to deliver the message.
- If a policy is present with an "enforce" mode,
- when attempting to deliver to each candidate MX, ensure STARTTLS support and host identity validity as described in Section 4, "Policy Validation".
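The pieces above (the _mta-sts TXT record of 3.1, the policy file of 3.2 and the enforce-mode decision of 5.1) put together as an added example; this is illustration code written for these notes, not code from RFC 8461 or any MTA. The TXT record and policy text are the gmail.com values quoted above, embedded inline so the example runs offline; the STARTTLS and certificate results are passed in as booleans, since the SMTP session itself is out of scope here.

```python
import re

# Constructed inputs: the gmail.com record and policy quoted in the notes above.
TXT_RECORD = 'v=STSv1; id=20190429T010101;'
POLICY_TEXT = """version: STSv1
mode: enforce
mx: gmail-smtp-in.l.google.com
mx: *.gmail-smtp-in.l.google.com
max_age: 86400
"""

def parse_txt_record(record):
    """Split the semicolon-separated key/value pairs of the _mta-sts TXT record."""
    fields = {}
    for pair in record.split(';'):
        if '=' in pair:
            key, value = pair.split('=', 1)
            fields[key.strip()] = value.strip()
    if fields.get('v') != 'STSv1':
        raise ValueError('not an STSv1 record')
    if not re.fullmatch(r'[A-Za-z0-9]{1,32}', fields.get('id', '')):
        raise ValueError('id must be 1 to 32 alphanumeric characters')
    return fields

def parse_policy(text):
    """Parse the key: value lines of .well-known/mta-sts.txt (mx may repeat)."""
    policy = {'mx': []}
    for line in text.splitlines():
        if ':' not in line:
            continue
        key, value = (part.strip() for part in line.split(':', 1))
        if key == 'mx':
            policy['mx'].append(value.lower())
        else:
            policy[key] = value
    if policy.get('version') != 'STSv1' or policy.get('mode') not in ('enforce', 'testing', 'none'):
        raise ValueError('invalid policy')
    policy['max_age'] = int(policy['max_age'])
    return policy

def mx_matches(pattern, hostname):
    """MX pattern match: a leading '*' matches exactly one leftmost label (RFC 8461 4.1)."""
    hostname = hostname.lower().rstrip('.')
    if pattern.startswith('*.'):
        labels = hostname.split('.', 1)
        return len(labels) == 2 and labels[1] == pattern[2:]
    return hostname == pattern

def may_deliver(policy, mx_host, starttls_ok, cert_ok):
    """Section 5.1 decision for one candidate MX under the fetched policy."""
    mx_ok = any(mx_matches(p, mx_host) for p in policy['mx'])
    if policy['mode'] != 'enforce':
        return True  # testing/none: deliver anyway (testing only reports failures)
    return mx_ok and starttls_ok and cert_ok
```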