With this user manual we will take you through the step by step process of configuring MTA-STS and enabling SMTP TLS reporting for your domain on the PowerDMARC dashboard.
Step 1: The first step to start with your PowerMTA-STS and TLS-RPT deployment would be to sign up with PowerDMARC to gain access to the PowerDMARC control panel.
After signing in, the first view available to you would be of the PowerDMARC dashboard.
Note: MTA-STS and TLS-RPT are paid features. Hence once you avail of the paid plan you can gain access to them.
Step 2: On the left-hand side menu displaying the various features, navigate to and click on the PowerMTA-STS tab as shown below:
Step 3: Add your domains by clicking on + Add Domain button at the top of the PowerMTA-STS page (If you haven’t added your domain already). Make sure you add only one domain per line.
Step 4: Add your desired domain in the blank box provided below and click on the Add Domains button to save changes.
Step 5: You can now view your registered active domains on the PowerMTA-STS page by cascading the Domain drop-down menu, like shown below:
Step 6: After clicking on your desired domain,the page will open to display all the current MTA-STS record configurations for that domain, as shown below:
If you don’t have MTA-STS or TLS-RPT enabled for your domain, the displayed page would look something like this:
Step 7: In order to deploy MTA-STS and enable TLS-RPT for your domain, all you need to do is simply navigate to the right-side of this screen and publish the 3 CNAME records that have already been automatically generated for you, in your domain’s DNS.
Note: The 1st CNAME record points to the server that is hosting your MTA-STS policy file. The 2nd CNAME record for MTA-STS is a DNS record to configure MTA-STS for your domain. Finally, the 3rd CNAME record is a DNS record to enable SMTP TLS reporting for your domain.
Step 8: After publishing the 3 CNAME records in your DNS, you can go ahead and validate your records to confirm that they have been implemented correctly by clicking on Validate MTA-STS Record.
Step 9: Once you click on Validate MTA-STS Record there will be a prompt appearing on your screen asking you if you’re sure that you want to generate and host the policy file for MTA-STS and the TLS certificate. Click on Continue progress to complete the process.
Step 10: A prompt will show that the process for generating the MTA-STS policy file and TLS certificate has been initiated. Click on Got it to continue. Note that this might take up to 60 minutes.
Step 11: Now all you need to do is wait till your screen is loading and files are being hosted and generated in the background.
Step 12: Once done, the screen will automatically refresh to show you the MTA-STS configurations for your domain. Shown below is the example of a domain that has MTA-STS successfully configured for it:
On the page, you will be able to see the DNS TXT record for MTA-STS that is published in the DNS of your domain. If your MTA-STS DNS TXT record is valid, you will see a Yes status being displayed adjacent to it. Similarly, you can check the validity and accessibility of your MTA-STS policy file on the page, as shown below:
You can click on the URL provided for your hosted MTA-STS policy file to access the live policy file, as shown below:
Your hosted policy file would look something like this when you click on the URL to view it:
View our detailed guide on MTA-STS to know about how to host your MTA-STS policy file.
Changing Your MTA-STS Policy Mode
Step 1: To change your MTA-STS policy mode, all you need to do is navigate to Mode and select your desired mode from the cascading menu.
Step 2: On selecting your desired mode you can simply refresh your live policy file to see the changes being reflected on it as shown below:
Now coming to TLS-RPT, you should be able to see the TLS DNS TXT record that is published on your domain’s DNS along with the validity status of your record, as shown below:
Adding an Email Address for Your TLS Aggregate Reports
You will find that the email address to which you want your generated TLS aggregate reports to be sent to, is already being displayed in the Aggregate (RUA) Report email addresses as shown below:
Step 1: To add another email address all you need to do is type in your desired address in the Add Email section and click on Save, as shown below:
Note: It might take up to 15 minutes for the changes to be applied.
Step 2: Once the changes are effective, you will be able to see the new email address you added being displayed on your TLS DNS TXT record as well:
We sincerely hope that this manual has aided you in configuring PowerMTA-STS and PowerTLS-RPT for your domain. However, in case of any further queries, get in touch with our support team at [email protected], and we will get back to you at the soonest!