This error indicates (per RFC 8461 Section 3.3) that the subdomain setup for the MTA-STS policy (mta-sts.domain.com) DOES NOT have a valid certificate or the certificate has expired. Without a valid, non-expired certificate (issued by a trusted Certificate Authority), the MTA-STS policy is invalid.
How can I resolve this issue?
-
Purchase or renew an X.509 certificate for the HTTPS server hosting the subdomain
-
Certificate MUST be from a trusted Certificate Authority
Your Email Deliverability is in Jeopardy!
Blacklisting is a sign that you are not actively managing your email deliverability. Other technologies - SPF, DKIM and DMARC are now just as important to get your email placed in the Inbox of your recipients. If you aren’t managing email deliverability, your message may never be heard.
MxToolbox Delivery Center Features:
- Insight into your SPF, DKIM and DMARC configuration to ensure your sending email properly
- DMARC Compliance checks for all of your reported email
- Adaptive Blacklist Monitoring of all your email senders
- Recommendations for improving DMARC compliance and DMARC policies
- Event-based reminders for emergent issues and on-going maintenance
DMARC is a necessity for your business!
Learn More about Email Delivery