Skip to content

Instantly share code, notes, and snippets.

@dotysan

dotysan/mta-sts.js

Last active October 9, 2025 00:45
Show Gist options

  • Select an option

    Learn more about clone URLs
  • Save dotysan/5ca9bee46425d1b3af47319801e6692c to your computer and use it in GitHub Desktop.

Select an option

Learn more about clone URLs
Save dotysan/5ca9bee46425d1b3af47319801e6692c to your computer and use it in GitHub Desktop.
Download ZIP
CloudFlare Worker for MTA-STS policy
Raw
mta-sts.js
// const mode = 'testing';
const mode = 'enforce';
// const max_age = 86400; // 1 day
const max_age = 604800; // 1 week
const mx_list = [
'aspmx.l.google.com',
'alt1.aspmx.l.google.com',
'alt2.aspmx.l.google.com',
'alt3.aspmx.l.google.com',
'alt4.aspmx.l.google.com',
];
const sts = `version: STSv1
mode: ${mode}
${mx_list.map(i=> 'mx: '+ i).join('\n')}
max_age: ${max_age}`;
export default{
async fetch() {
return new Response(sts);
},
};
@dotysan
Copy link
Author

dotysan commented Oct 9, 2025

And add an A record to be able to route the traffic to this worker:

  • Type: A
  • Name: mta-sts
  • IPv4 address: 192.0.2.1
  • Proxy status: On (this is important!)
  • TTL: Auto

To be clear, you don't need an A record. And this could be dangerous.

Just use a route instead. mta-sts.*/.well-known/mta-sts.txt

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment