sap.com

Checked 5/14/2026, 10:53:04 PM · 141ms

No MTA-STS at all. Mail in transit is not enforced.

Warnings

No MTA-STS DNS record at _mta-sts.sap.com. Mail receivers cannot discover your STS policy.
Could not fetch policy at https://mta-sts.sap.com/.well-known/mta-sts.txt. The policy file is required to enforce MTA-STS.
policy: host check failed: DNS resolution failed

DNS record

missing

looked up: _mta-sts.sap.com

Policy file

unreachable

https://mta-sts.sap.com/.well-known/mta-sts.txt

TLS-RPT (failure reporting)

present

v=TLSRPTv1; rua=mailto:[email protected]

rua: mailto:[email protected]

Recommendations

Publish a TXT record at _mta-sts.sap.com: "v=STSv1; id=$(date +%Y%m%d%H%M%S)" (or any unique id you bump when the policy changes).
Serve a plaintext policy at https://mta-sts.sap.com/.well-known/mta-sts.txt with version, mode, mx and max_age fields. The HTTPS cert must be trusted (no self-signed).

Auto-fix: copy this MTA-STS record

for sap.com

The id is an opaque string. Bump it whenever you change the policy file, otherwise receivers will keep using the cached version.

Type: TXT
Name: _mta-sts
Value: v=STSv1; id=20260514225304
TTL: Auto

DNS → Records → Add record. Pick the type, paste Name and Content as shown below.
Set Proxy status to "DNS only" (grey cloud) for TXT / CAA records. TTL: Auto.

Auto-fix: serve this policy file

Host the file below at https://mta-sts.sap.com/.well-known/mta-sts.txt with a trusted TLS cert (no self-signed). Replace the mx: line(s) with each of your real mail servers. Start with mode: testing to collect TLS-RPT failure reports before raising to mode: enforce.

version: STSv1
mode: testing
mx: mail.sap.com
max_age: 86400

Cloudflare Workers, Pages, or any static host with HTTPS can serve this. The well-known path needs a Content-Type of text/plain.

AI-assisted remediation

Want a tailored fix plan in plain English?

Wiredepth Pro sends this report to our AI engine and streams back a 30-day rollout plan tailored to sap.com, with provider-specific tips when we can infer them from the data. 10 playbooks per month on Pro, 100 on MSP.

ProSee Pro plans→

Check another domain

Or share this URL with the team that owns the records.