This templated repository automatically deploys a GitHub Pages site for hosting a mta-sts.txt file.
You should be configuring a mta-sts.txt deployment for every domain you recieve emails with.
When using this template you need to set the new name to the mta-sts fully qualified domain name, like mta-sts.gc3.security.gov.uk, this is to ensure the auto-discovery and deployment of Pages works appropriately. You can alternatively set the MTASTS_DOMAIN environment variable in the workflow.
By default, this repo looks up your MX records and sets the mta-sts to testing mode using the configure workflow.
- Publish a TLS-RPT record, like
_smtp._tls 300 TXT "v=TLSRPTv1;rua=mailto:[email protected]" - Use this template, making sure to set the new repository name to the full mta-sts domain, like
mta-sts.gc3.security.gov.uk - Observe the Actions to make sure configure.yml and gh-pages.yml deploy correctly
- Make sure the build and deployment source is set to GitHub Actions in Settings → Pages
- You may need to select the
mainbranch and/ rootin Settings → Pages
- Configure your DNS to point to GitHub
- If deploying in co-cddo, use the CNAME
co-cddo.github.io(mta-sts 60 CNAME co-cddo.github.io.)
- If deploying in co-cddo, use the CNAME
- Check the
Custom domainin Settings → Pages and ensureEnforce HTTPSis checked (this can take a few hours) - Check your deployment by visiting the domain, where you should get automatically redirected to
/.well-known/mta-sts.txt(e.g. https://mta-sts.gc3.security.gov.uk) - Set your
_mta-stsTXT record, like_mta-sts 60 TXT "v=STSv1; id=20240215"(where the id value is set to the current date, you'll need to change this ifmta-sts.txtis updated)
You can find more about MTA-STS here: