📬 Companies without MTA-STS

Name: Companies without MTA-STS
Creator: LynxRadar
Keywords: companies without MTA-STS, email TLS downgrade, MTA-STS adoption

These domains have no MTA-STS configured, leaving email in transit vulnerable to TLS downgrade attacks between mail servers.

Companies affected

2378

Total scanned

Prevalence

Domain

Score

Tier

MTA-STS Status

plyprd.grupoib.local

38/100

Fail

Not configured

qipu.prd.interbank.per

38/100

Fail

Not configured

infowars.com

55/100

Fail

Not configured

epvw.fa.us6.oraclecloud.com

62/100

Conditional

Not configured

hq1.appsflyer.com

62/100

Conditional

Not configured

+34 more companies

This dataset is available on request. Leave your work email and we'll send you the full list within 24 hours.

No spam — we only use this to send you the data

Request received

We'll send the full dataset to your inbox shortly. Keep an eye out for an email from the LynxRadar team.

Which companies don't have MTA-STS configured?

MTA-STS (Mail Transfer Agent Strict Transport Security) prevents TLS downgrade attacks on email in transit between mail servers. Without it, an attacker can intercept the SMTP connection and strip TLS encryption, reading emails in plaintext. Despite being a critical email security layer, MTA-STS adoption remains very low.

LynxRadar scanned 2378 domains including Fortune 500 companies and Y Combinator startups. Of those, 39 (2%) were found to have this security gap. The data above is updated continuously as new domains are scanned. Scan any domain to check its status.

Frequently Asked Questions

What is MTA-STS?

MTA-STS tells sending mail servers that your domain requires TLS encryption for email delivery. Without it, a man-in-the-middle attacker can downgrade the connection to plaintext and read emails.

How many companies have MTA-STS?

In LynxRadar's scan of 2378 domains, 39 (2%) were found without MTA-STS configured.