calendly.com

Checked 5/14/2026, 10:54:04 PM · 18ms

No MTA-STS at all. Mail in transit is not enforced.

Warnings

No MTA-STS DNS record at _mta-sts.calendly.com. Mail receivers cannot discover your STS policy.
Could not fetch policy at https://mta-sts.calendly.com/.well-known/mta-sts.txt. The policy file is required to enforce MTA-STS.
policy: host check failed: DNS resolution failed

DNS record

missing

looked up: _mta-sts.calendly.com

Policy file

unreachable

https://mta-sts.calendly.com/.well-known/mta-sts.txt

TLS-RPT (failure reporting)

missing

No TLS-RPT record found. Without it, you do not learn when receivers fail to enforce STS against your domain.

Recommendations

Publish a TXT record at _mta-sts.calendly.com: "v=STSv1; id=$(date +%Y%m%d%H%M%S)" (or any unique id you bump when the policy changes).
Serve a plaintext policy at https://mta-sts.calendly.com/.well-known/mta-sts.txt with version, mode, mx and max_age fields. The HTTPS cert must be trusted (no self-signed).
Publish a TLS-RPT record at _smtp._tls.calendly.com: "v=TLSRPTv1; rua=mailto:[email protected]" so receivers can report STS / TLS failures back to you.

Auto-fix: copy these MTA-STS + TLS-RPT records

for calendly.com

The id is an opaque string. Bump it whenever you change the policy file, otherwise receivers will keep using the cached version.

Type: TXT
Name: _mta-sts
Value: v=STSv1; id=20260514225404
TTL: Auto

TLS-RPT lets receivers send you JSON reports when STS / DANE fails. Point the rua at a mailbox you actually monitor.

Type: TXT
Name: _smtp._tls
Value: v=TLSRPTv1; rua=mailto:[email protected]
TTL: Auto

DNS → Records → Add record. Pick the type, paste Name and Content as shown below.
Set Proxy status to "DNS only" (grey cloud) for TXT / CAA records. TTL: Auto.

Auto-fix: serve this policy file

Host the file below at https://mta-sts.calendly.com/.well-known/mta-sts.txt with a trusted TLS cert (no self-signed). Replace the mx: line(s) with each of your real mail servers. Start with mode: testing to collect TLS-RPT failure reports before raising to mode: enforce.

version: STSv1
mode: testing
mx: mail.calendly.com
max_age: 86400

Cloudflare Workers, Pages, or any static host with HTTPS can serve this. The well-known path needs a Content-Type of text/plain.

AI-assisted remediation

Want a tailored fix plan in plain English?

Wiredepth Pro sends this report to our AI engine and streams back a 30-day rollout plan tailored to calendly.com, with provider-specific tips when we can infer them from the data. 10 playbooks per month on Pro, 100 on MSP.

ProSee Pro plans→

Check another domain

Or share this URL with the team that owns the records.