The Scenario
You're the security compliance officer for a company with 50 corporate sending domains. An auditor sent a pre-audit questionnaire last week, and one of the questions asks you to document MTA-STS policy status for every sending domain. The audit is next Tuesday.
You have never checked MTA-STS policy before. You Googled it. You found MX Toolbox. You stared at the workbook of 50 domains and realized this is going to take a while.
The bad version:
- Open MX Toolbox MTA-STS lookup, paste the first domain, read the policy mode — enforce, testing, or none — note whether the record exists at all, go back to the workbook, enter the values.
- Realize around domain 20 that you're not sure whether "none" means the record exists with policy mode none, or means the record doesn't exist, and you've been inconsistent.
- Submit the documentation with a note that says "some values may need verification" — which is not what auditors want to read.
The audit is Tuesday. Inconsistent documentation submitted in advance does not give auditors confidence.
The Easy Way: One Prompt in SheetXAI
SheetXAI is an AI agent that lives inside your Excel workbook. It reads your domain list and through its built-in MX Toolbox integration looks up MTA-STS records for every domain, writing policy mode and error information back to the workbook with consistent formatting.
Use MXToolbox MTA-STS lookup on all domains in my Excel workbook and mark each as ENFORCE, TESTING, NONE, or MISSING in column B with the raw record in column C
What You Get
- Column B: a consistent policy label — ENFORCE, TESTING, NONE, or MISSING — for every domain
- Column C: the raw MTA-STS record text, or blank if no record was found
- No ambiguity between "policy mode none" and "no record found" — the MISSING label handles that distinction
What If the Data Is Not Quite Ready
Auditor wants error details alongside the policy label
For each domain in column A, use MXToolbox MTA-STS lookup to retrieve the record, write the policy label in column B, the raw record in column C, and any diagnostic errors in column D — mark column D as CLEAN if no errors were found
Some domains are internal mail relays that should be exempt
Check column B for each row — if it says INTERNAL-RELAY, skip that domain and leave columns C through E blank; for all other rows, run MXToolbox MTA-STS lookup and write policy label, raw record, and any errors into columns C, D, E
Need to flag non-enforcing domains for remediation
Run MXToolbox MTA-STS lookups for all domains in column A, write the policy label in column B, and add a column C label — COMPLIANT if the policy is ENFORCE, REVIEW-NEEDED if it is TESTING or NONE, and NOT-CONFIGURED if the record is MISSING — sort so NOT-CONFIGURED and REVIEW-NEEDED rows appear at the top
Full audit-ready documentation in one shot
For all domains in column A, run MXToolbox MTA-STS lookups, write policy label in column B, raw record in column C, any errors in column D, and an AUDIT-STATUS label in column E — COMPLIANT for ENFORCE, PARTIAL for TESTING, NON-COMPLIANT for NONE or MISSING — then sort by column E
Submit documentation the auditor can actually use.
Try It
Get the 7-day free trial of SheetXAI and open your corporate domain workbook, then ask it to run MTA-STS lookups across column A. Related: Full Email Authentication Audit or the MX Toolbox overview for Excel.
