There might be times when you want to turn off MTA-STS for your domain. For example, you might be troubleshooting your mail server configuration or changing mail providers. MTA-STS is turned on per domain. If you have more than one domain, turn off MTA-STS separately for each domain.
Option 1: Change the mode for your MTA-STS policy
MTA-STS is turned off in 24 hours or less.
MTA-STS policies have 3 modes. Active policies use enforce or testing mode. You can turn off MTA-STS with a policy in none mode. To learn more about MTA-STS policy files and modes, review Create an MTA-STS policy.
Step 1: Update your policy file on your local computer
https://mta-sts.solarmora.com/.well-known/mta-sts.txt
Update the file:
- Change the mode value to none.
- Change the max_age value to 86400 (about one day).
- Remove all mx key-value pairs (all lines that start with mx).
Below is an example policy file. The left column is an active MTA-STS policy. The right column is the same policy updated to turn off MTA-STS. The domain in the active policy is an example domain.
Active MTA-STS policy | MTA-STS policy in none mode |
---|---|
version: STSv1 | version: STSv1 |
Step 2: Upload updated policy file to your domain's public server
Note: If you’ve never published an MTA-STS policy file, review detailed steps in Publish your MTA-STS policy.
Upload the updated policy file to the same web server and directory as the current policy file. The new file should overwrite the current file at:
https://mta-sts.solarmora.com/.well-known/mta-sts.txt
Step 3: Change the ID in your MTA-STS DNS TXT record
Note: Detailed steps for updating DNS TXT records are in Turn on MTA-STS and TLS reporting. You can also check with your domain provider for instructions for managing DNS TXT records for your domain.
- Sign in to your domain management console and locate the page where you manage DNS records for your domain.
- Find the MTA-STS TXT record for your domain. The label will be _mta-sts: or something similar.
- Change the ID value in the TXT record value field. This is usually the second field. The ID value must be different than the current value and can be up to 32 letters and numbers, for example:
id=20200425085700
- Save your changes.
An updated DNS TXT record takes effect based on the Time To Live (TTL) value for the record. Each TXT record for your domain has a TTL.
Depending on the TTL, it can take up to 24 hours for DNS record changes to take effect. Learn more about TTL and recommended values.
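Steps 1 and 3 of Option 1 as a script, added here as an example and not part of the original article: `to_none_policy` and `bump_txt_id` are hypothetical helper names, and the sample policy and TXT value are constructed. It assumes the TXT record value has the form `v=STSv1; id=...`.

```python
import re
from datetime import datetime, timezone

# Constructed sample input (not from the page): an active policy and its TXT value.
ACTIVE_POLICY = """version: STSv1
mode: enforce
mx: mail.example.com
mx: *.example.net
max_age: 604800
"""
ACTIVE_TXT = "v=STSv1; id=20200425085700"


def to_none_policy(policy_text):
    """Step 1: set mode to none, max_age to 86400, and drop every mx line."""
    out, seen = [], set()
    for raw in policy_text.splitlines():
        if not raw.strip():
            continue
        key, sep, value = raw.partition(":")
        key = key.strip()
        if not sep:
            raise ValueError(f"not a 'key: value' line: {raw!r}")
        if key == "mx":
            continue
        if key == "mode":
            value = "none"
        elif key == "max_age":
            value = "86400"
        seen.add(key)
        out.append(f"{key}: {value.strip()}")
    missing = {"version", "mode", "max_age"} - seen
    if missing:
        raise ValueError(f"policy is missing fields: {sorted(missing)}")
    return "\n".join(out) + "\n"


def bump_txt_id(txt_value, now=None):
    """Step 3: return the TXT value with an id that differs from the current one."""
    match = re.search(r"id=([A-Za-z0-9]+)", txt_value)
    if not match:
        raise ValueError("no id= field in TXT value")
    new_id = (now or datetime.now(timezone.utc)).strftime("%Y%m%d%H%M%S")
    if new_id == match.group(1):  # clock matches the current id: force a change
        new_id += "a"
    return txt_value[:match.start(1)] + new_id + txt_value[match.end(1):]


if __name__ == "__main__":
    print(to_none_policy(ACTIVE_POLICY), end="")
    print(bump_txt_id(ACTIVE_TXT))
```

Running the file prints the none-mode policy to upload in Step 2 and the TXT value to save in Step 3.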
Option 2: Delete your MTA-STS DNS TXT record
MTA-STS is turned off when the policy expires, from one day to one year.
With this method, MTA-STS is turned off after the current and previous policies expire.
Some remote sites might have stored a previous policy version in the cache. Previous policies can have a later expiration date than your current policy.
Step 1: Verify the policy expiration time
When you create a policy file, you set the policy expiration time with the max_age value. The expiration time can be from one day to about one year and resets every time an external mail server checks the policy.
You can verify the current policy expiration time in the policy file. View the file on your web server at this location (replace the example domain with your domain):
https://mta-sts.solarmora.com/.well-known/mta-sts.txt
The max_age value is in seconds.
If the policy expiration is too long, use the first method in this article, Option 1: Change the mode for your MTA-STS policy.
Step 2: Delete the MTA-STS record for your domain
Do this step in the console you use to manage your domain. You can also check with your domain provider for instructions to delete TXT records.
- Sign in to your domain management console and locate the page where you manage DNS records for your domain.
- Find the MTA-STS TXT record for your domain. The label will be _mta-sts: or something similar.
- Delete the TXT record.
- Save your changes.
MTA-STS is turned off for your domain when the policy with the longest expiration time expires.