{"openapi":"3.1.0","info":{"title":"MTA-STS API","version":"1.0.0","description":"Inspect a domain's SMTP transport-security posture — whether mail servers are required to deliver inbound mail over authenticated TLS, protecting it from downgrade and man-in-the-middle attacks. Pass a domain and the service fetches the MTA-STS policy file from mta-sts.<domain>/.well-known/mta-sts.txt (its version, mode, the permitted MX hosts and max_age), the _mta-sts DNS TXT record (its policy id) and the _smtp._tls TLS-RPT record (the rua reporting address), then reports whether MTA-STS is actually enforced and a prioritised list of issues — no policy file, no DNS record, a mode of only \"testing\", or a missing TLS-RPT record. A second endpoint returns just the parsed policy file. The request is made server-side and private/internal targets are refused (SSRF-guarded). Built for email-deliverability and anti-downgrade-attack audits, vendor and third-party assessment, and compliance. An MTA-STS / TLS-RPT checker — the SMTP transport-security counterpart to the email-authentication analyzer (emailsec, which covers SPF, DKIM and DMARC), and distinct from raw DNS lookup (dns). No upstream key, no cache.","contact":{"name":"PremiumApi","url":"https://www.oanor.com/by/premiumapi"}},"servers":[{"url":"https://api.oanor.com/mtasts-api","description":"oanor gateway"}],"tags":[{"name":"MTA-STS"},{"name":"Meta"}],"components":{"securitySchemes":{"oanorKey":{"type":"apiKey","in":"header","name":"x-oanor-key","description":"Get your key at https://www.oanor.com/developer/keys"}}},"security":[{"oanorKey":[]}],"paths":{"/v1/check":{"get":{"operationId":"get_v1_check","tags":["MTA-STS"],"summary":"MTA-STS + TLS-RPT posture","description":"","parameters":[{"name":"domain","in":"query","required":true,"description":"Domain to inspect","schema":{"type":"string"},"example":"google.com"}],"security":[{"oanorKey":[]}],"responses":{"200":{"description":"OK","content":{"application/json":{"example":{"data":{"domain":"google.com","issues":[],"policy":{"mx":["smtp.google.com","aspmx.l.google.com","*.aspmx.l.google.com"],"url":"https://mta-sts.google.com/.well-known/mta-sts.txt","mode":"enforce","found":true,"valid":true,"max_age":86400,"version":"STSv1"},"tls_rpt":{"rua":["mailto:sts-reports@google.com"],"found":true,"record":"v=TLSRPTv1;rua=mailto:sts-reports@google.com"},"enforced":true,"sts_record":{"id":"20210803T010101","found":true,"record":"v=STSv1; id=20210803T010101;"}},"meta":{"timestamp":"2026-06-01T23:40:44.479Z","request_id":"c95d7830-cf6d-4850-93cb-80a5721267db"},"status":"ok","message":"MTA-STS checked","success":true}}}},"401":{"description":"Missing or invalid x-oanor-key header"},"402":{"description":"Active subscription required"},"429":{"description":"Rate-limit or monthly quota reached"},"502":{"description":"Upstream did not respond"}}}},"/v1/policy":{"get":{"operationId":"get_v1_policy","tags":["MTA-STS"],"summary":"Parsed MTA-STS policy file","description":"","parameters":[{"name":"domain","in":"query","required":true,"description":"Domain to inspect","schema":{"type":"string"},"example":"microsoft.com"}],"security":[{"oanorKey":[]}],"responses":{"200":{"description":"OK","content":{"application/json":{"example":{"data":{"mx":["*.mail.protection.outlook.com"],"url":"https://mta-sts.microsoft.com/.well-known/mta-sts.txt","mode":"enforce","found":true,"domain":"microsoft.com","max_age":604800,"version":"STSv1"},"meta":{"timestamp":"2026-06-01T23:40:44.675Z","request_id":"93b6c1a0-8174-4bc6-b1a9-a890be526bb6"},"status":"ok","message":"Policy retrieved","success":true}}}},"401":{"description":"Missing or invalid x-oanor-key header"},"402":{"description":"Active subscription required"},"429":{"description":"Rate-limit or monthly quota reached"},"502":{"description":"Upstream did not respond"}}}},"/v1/meta":{"get":{"operationId":"get_v1_meta","tags":["Meta"],"summary":"Checks & policy modes","description":"","parameters":[],"security":[{"oanorKey":[]}],"responses":{"200":{"description":"OK","content":{"application/json":{"example":{"data":{"note":"Inspect a domain's SMTP transport-security posture — whether mail servers are required to deliver inbound mail over authenticated TLS. /v1/check?domain=google.com fetches the MTA-STS policy file from mta-sts.<domain>/.well-known/mta-sts.txt (version, mode, the permitted MX hosts and max_age), the _mta-sts DNS TXT record (its policy id) and the _smtp._tls TLS-RPT record (the rua reporting address), then reports whether MTA-STS is actually enforced and a prioritised list of issues (no policy, no DNS record, mode only 'testing', missing TLS-RPT). /v1/policy returns just the parsed policy file. The request is made server-side and private/internal targets are refused (SSRF-guarded). Ideal for email-deliverability and anti-downgrade-attack audits, vendor assessment and compliance. An MTA-STS / TLS-RPT checker — the SMTP transport-security counterpart to the email-authentication analyzer (emailsec, which covers SPF/DKIM/DMARC), and distinct from raw DNS lookup (dns). No key, no cache.","modes":["enforce","testing","none"],"checks":["MTA-STS policy file (mta-sts.<domain>/.well-known/mta-sts.txt)","_mta-sts DNS TXT","_smtp._tls TLS-RPT DNS TXT"],"endpoints":["/v1/check","/v1/policy","/v1/meta"]},"meta":{"timestamp":"2026-06-01T23:40:44.772Z","request_id":"a526b2e9-af40-4927-816b-4f04c8b6b030"},"status":"ok","message":"Meta retrieved","success":true}}}},"401":{"description":"Missing or invalid x-oanor-key header"},"402":{"description":"Active subscription required"},"429":{"description":"Rate-limit or monthly quota reached"},"502":{"description":"Upstream did not respond"}}}}},"x-oanor-pricing":[{"slug":"free","name":"Free","price_cents_month":0,"monthly_call_quota":2180,"rps_limit":2,"hard_limit":true},{"slug":"starter","name":"Starter","price_cents_month":640,"monthly_call_quota":42500,"rps_limit":8,"hard_limit":true},{"slug":"pro","name":"Pro","price_cents_month":2070,"monthly_call_quota":222000,"rps_limit":20,"hard_limit":true},{"slug":"mega","name":"Mega","price_cents_month":5400,"monthly_call_quota":835000,"rps_limit":50,"hard_limit":true}],"x-oanor-marketplace-url":"https://www.oanor.com/api/mtasts-api"}