MTA-STS Survey Update 2025: Adoption Trends One Year Later

Last year, we published our inaugural MTA-STS adoption survey, tracking how many domains in the top 1 million had implemented Mail Transfer Agent Strict Transport Security (MTA-STS). One year later, it’s time to revisit the data and see how the landscape has changed.
Summary of Changes (April 2024 → April 2025)
We continue to scan the top 1 million domains weekly. Here's how things have evolved in the past year:
Metric | April 2024 | April 2025 | Change |
---|---|---|---|
Domains with MTA-STS | 3,630 | 5,609 | ⬆️ +1,979 (+54%) |
Valid MTA-STS Policies | 2,933 | 4,600 | ⬆️ +1,667 |
Invalid MTA-STS Policies | 697 | 1,009 | ⬆️ +312 |
Coverage in top 1M | 0.4% | 0.6% | ⬆️ +0.2% |
Security Posture: Slightly Stronger
We also looked at the type of policies being published:
Mode | Count (2025) | % Share |
---|---|---|
enforce | 2,495 | 54.2% |
testing | 2,063 | 44.8% |
none | 42 | 0.9% |
This shows a slight shift towards enforce mode, indicating growing confidence in policy deployment.
Top 5 Most Common Errors (2025)
Some of the most frequent reasons MTA-STS policies are marked as invalid:
- ❌ Unable to find an A or AAAA record — 33.3%
- ❌ Issues with the HTTPS certificate — 25.3%
- ❌ Could not establish a secure connection — 5.7%
- ❌ HTTPS certificate expired — 5.6%
- ❌ MX record is not specified in the MTA-STS policy — 5.5%
These errors are easy to overlook but critical to resolve for proper MTA-STS enforcement. You can find a breakdown of problematic domains in our detailed report here: MTA-STS error domain list
Final Thoughts
One year later, it’s clear that MTA-STS adoption is accelerating. The growth is steady, though modest compared to the size of the email ecosystem.
We’ll continue tracking the data throughout the year and sharing key insights. If you'd like to monitor MTA-STS, SPF, DKIM, and DMARC for your domains, try URIports.