I am 2+ weeks after deploying MTA-STS policy and I am getting TLS Reporting. I am seeing daily reports in dmarcian but reporter Google Inc reports are 100% in the no policy found group. All others are in the sts policy. testing mode. All are 100% success.
I’m stumped why Google Inc isn’t recognizing the policy. No error reports. 100% success.
Dmarcian TLS inspector shows all ok.
Policy Text:
version: STSv1
mode: testing
mx: mydomain-com.mail.protection.outlook.c…
max_age: 600
POSSIBLE UPDATE: I noticed an update on an article (MTA-STS explained) that " Google will only process policies with a max_age higher than 86000 seconds. Policies with a max_age of 86000 or lower will be ignored and a daily no-policy-found report will be sent if TLS-RPT is enabled (see “Monitoring and reporting” below)."
I’ve modified the .wellknown/mta-sts.txt file set max_age above the min 86000 suggested in the article. Also see google support answer (2. Create an MTA-STS policy - Google Workspace Admin Help) that says the max_age value must be between 86400 (1 day) and 31557600 (about 1 year).
version: STSv1
mode: testing
mx: mydomain-com…
max_age: 86400