Back to MX Toolbox in Google Sheets
SheetXAI logo
MX Toolbox logo
MX Toolbox · Google Sheets Guide

Bulk MTA-STS Policy Audit for Mail Transport Security From a Google Sheet

2026-05-14
5 min read

The Scenario

You're the security compliance officer for a company with 50 corporate sending domains. An auditor sent a pre-audit questionnaire last week, and one of the questions asks you to document MTA-STS policy status for every sending domain. The audit is next Tuesday.

You have never checked MTA-STS policy before. You Googled it. You found MX Toolbox. You stared at the spreadsheet of 50 domains and realized this is going to take a while.

The bad version:

  • Open MX Toolbox MTA-STS lookup, paste the first domain, read the policy mode — enforce, testing, or none — note whether the record exists at all, go back to the spreadsheet, enter the values.
  • Realize around domain 20 that you're not sure whether "none" means the record exists with policy mode none, or means the record doesn't exist, and you've been inconsistent.
  • Submit the documentation with a note that says "some values may need verification" — which is not what auditors want to read.

The audit is Tuesday. Inconsistent documentation submitted in advance does not give auditors confidence.

The Easy Way: One Prompt in SheetXAI

SheetXAI is an AI agent that lives inside your Google Sheet. It reads your domain list and through its built-in MX Toolbox integration looks up MTA-STS records for every domain, writing policy mode and error information back to the sheet with consistent formatting.

For every domain in column A, look up the MTA-STS record via MXToolbox and write whether MTA-STS is enabled, the policy mode — enforce, testing, or none — and any errors into columns B, C, and D

What You Get

  • Column B: whether MTA-STS is enabled — YES or NO — for each domain
  • Column C: the policy mode — ENFORCE, TESTING, NONE, or MISSING if no record exists — consistently formatted
  • Column D: any errors or diagnostic notes from the MX Toolbox lookup, blank if clean
  • 50 domains checked with no ambiguity between "policy mode none" and "no record found"

What If the Data Is Not Quite Ready

Auditor wants raw record text, not just the policy label

For each domain in column A, use MXToolbox MTA-STS lookup to retrieve the record, write whether MTA-STS is enabled in column B, the policy mode label in column C, and the raw record text in column D — mark column E as MISSING if no record was found

Some domains are internal mail relays that should be exempt

Check column B for each row — if it says INTERNAL-RELAY, skip that domain and leave columns C through E blank; for all other rows, run MXToolbox MTA-STS lookup and write enabled status, policy mode, and any errors into columns C, D, E

Need to flag non-enforcing domains for remediation

Run MXToolbox MTA-STS lookups for all domains in column A, write the policy mode in column B, and add a column C label — COMPLIANT if the policy is enforce, REVIEW-NEEDED if it is testing or none, and NOT-CONFIGURED if the record is missing — sort so NOT-CONFIGURED and REVIEW-NEEDED rows appear at the top

Full audit-ready documentation in one shot

For all domains in column A, run MXToolbox MTA-STS lookups, write enabled status in column B, policy mode in column C, raw record in column D, any errors in column E, and an AUDIT-STATUS label in column F — COMPLIANT for enforce, PARTIAL for testing, NON-COMPLIANT for none or missing — then sort by column F

Submit documentation the auditor can actually use.

Try It

Get the 7-day free trial of SheetXAI and open your corporate domain list, then ask it to run MTA-STS lookups across column A. Related: Full Email Authentication Audit or the MX Toolbox overview.

Stop memorizing formulas.
Tell your spreadsheet what to do.

Join 4,000+ professionals saving hours every week with SheetXAI.

Learn more