This templated repository automatically deploys a GitHub Pages site for hosting a mta-sts.txt
file.
You should be configuring a mta-sts.txt
deployment for every domain you recieve emails with.
When using this template you need to set the new name to the mta-sts fully qualified domain name, like mta-sts.gc3.security.gov.uk
, this is to ensure the auto-discovery and deployment of Pages works appropriately. You can alternatively set the MTASTS_DOMAIN
environment variable in the workflow.
By default, this repo looks up your MX records and sets the mta-sts to testing
mode using the configure workflow.
- Publish a TLS-RPT record, like
_smtp._tls 300 TXT "v=TLSRPTv1;rua=mailto:tls-rua@mailcheck.service.ncsc.gov.uk"
- Use this template, making sure to set the new repository name to the full mta-sts domain, like
mta-sts.gc3.security.gov.uk
- Observe the Actions to make sure configure.yml and gh-pages.yml deploy correctly
- Configure your DNS to point to GitHub
- If deploying in co-cddo, use the CNAME
co-cddo.github.io
(mta-sts 60 CNAME co-cddo.github.io.
)
- If deploying in co-cddo, use the CNAME
- Check the
Custom domain
in Settings → Pages and ensureEnforce HTTPS
is checked - Check your deployment by visiting the domain, where you should get automatically redirected to
/.well-known/mta-sts.txt
(e.g. https://mta-sts.gc3.security.gov.uk) - Set your
_mta-sts
TXT record, like_mta-sts 60 TXT "v=STSv1; id=20240215"
(where the id value is set to the current date, you'll need to change this ifmta-sts.txt
is updated)
You can find more about MTA-STS here: