STARTTLS extends SMTP with opportunistic encryption. A mail server advertises STARTTLS during the EHLO handshake, and sending systems can negotiate TLS for the message body. Modern operators expect TLS 1.2 minimum; TLS 1.0 / 1.1 are deprecated.

SMTP TLS Posture Check for relaymetry.com

TLS check unavailable — IPv6-only mail paths are not checked in this release.

This domain's MX hosts have only IPv6 addresses. Ship 1 of Relaymetry probes IPv4 mail paths only; IPv6-only mail is not checked.

Computed 48 seconds ago

The result above probes the domains primary MX hosts on ports 25 + 587 (or whichever the domain uses) and reports the TLS version negotiated, certificate validity, SAN match status, and whether MTA-STS / TLS-RPT policies are published.

Configure TLS 1.2 minimum; aim for TLS 1.3 where possible. Ensure the certificate SAN includes the MX hostname (not just the apex domain). Publish MTA-STS to enforce TLS for inbound traffic and TLS-RPT to receive failure reports — both are zero-cost upgrades that meaningfully harden mail-in-transit security.