Tech

MTA-STS adoption: three years of steady growth

Freddie Leeman

2 min read
MTA-STS adoption: three years of steady growth

At URIports, we continuously monitor real-world email authentication deployment. For MTA-STS, we now have three comparable data points: snapshots taken during the first week of 2024, 2025, and 2026.

Adoption is increasing, but remains low

Across the Top 1 million domains, the number of domains publishing an MTA-STS policy has more than doubled in two years:

  • 2024: 2,975 domains (0.3%)
  • 2025: 5,155 domains (0.5%)
  • 2026: 7,377 domains (0.7%)

Despite the strong relative growth, overall adoption across the Top 1 million domains remains below 1%. MTA-STS is still early in its lifecycle, but the growth curve is clearly upward and consistent year over year.

Most published policies are valid

One positive signal is the quality of MTA-STS deployments within the Top 1 million domains.

  • 2024: 80.3% valid
  • 2025: 82.1% valid
  • 2026: 80.8% valid

Roughly four out of five domains that publish MTA-STS do so correctly. Once organizations decide to deploy MTA-STS, most manage to get the technical details right.

Enforcement

Looking only at Top 1 million domains that publish MTA-STS, enforcement is common:

  • Approximately 54% use enforce
  • Approximately 45% use testing

This distribution has remained remarkably stable over the three-year period, showing that testing mode is typically a transitional phase rather than a permanent state.

Why MTA-STS deployments fail

Among domains with invalid MTA-STS configurations, the same issues appear year after year (percentage based on January 2026):

  1. Missing A or AAAA records for the policy host (34%)
  2. HTTPS certificate problems (25%)
  3. TLS or certificate validation failures (6%)
  4. Expired certificates (6%)
  5. MX hosts missing from the policy (5%)
  6. Connection timed out while connecting (5%)
  7. Hostname mismatch with certificate (5%)
  8. Syntax errors in policy (3%)
  9. Invalid Content-Type (3%)

URIports and hosted MTA-STS

Within the Top 1 million domains that use a Hosted MTA-STS deployment, URIports consistently accounts for a significant share.

  • 2024: 13.2%
  • 2025: 9.5%
  • 2026: 9.7%

This means that nearly one in ten hosted MTA-STS deployments in the Top 1 million domains relies on URIports.

Why organizations choose URIports

The Top 1 million domains include many high-value and high-traffic email targets. For these domains, MTA-STS must remain operational at all times.

URIports helps organizations by providing:

  • Hosted MTA-STS endpoints with high availability
  • Continuous validation of HTTPS reachability and certificates
  • Early detection of configuration drift and failures
  • Integrated insight alongside DMARC and TLS reporting

This directly addresses the most common failure modes seen in real-world data.

Conclusion

Based on three years of snapshots of the Top 1 million domains, MTA-STS adoption is steadily increasing, deployments are generally valid, and enforcement is common once implemented. However, overall adoption remains low and operational issues continue to cause failures.

As MTA-STS adoption grows, monitoring and validation will matter as much as initial deployment. URIports is designed to provide exactly that level of visibility and reliability.