The Scenario
You're the security compliance officer for a company with 50 corporate sending domains. An auditor sent a pre-audit questionnaire last week, and one of the questions asks you to document MTA-STS policy status for every sending domain. The audit is next Tuesday.
You have never checked MTA-STS policy before. You Googled it. You found MX Toolbox. You stared at the spreadsheet of 50 domains and realized this is going to take a while.
The bad version:
- Open MX Toolbox MTA-STS lookup, paste the first domain, read the policy mode — enforce, testing, or none — note whether the record exists at all, go back to the spreadsheet, enter the values.
- Realize around domain 20 that you're not sure whether "none" means the record exists with policy mode none, or means the record doesn't exist, and you've been inconsistent.
- Submit the documentation with a note that says "some values may need verification" — which is not what auditors want to read.
The audit is Tuesday. Inconsistent documentation submitted in advance does not give auditors confidence.
The Easy Way: One Prompt in SheetXAI
SheetXAI is an AI agent that lives inside your Google Sheet. It reads your domain list and through its built-in MX Toolbox integration looks up MTA-STS records for every domain, writing policy mode and error information back to the sheet with consistent formatting.
For every domain in column A, look up the MTA-STS record via MXToolbox and write whether MTA-STS is enabled, the policy mode — enforce, testing, or none — and any errors into columns B, C, and D
What You Get
- Column B: whether MTA-STS is enabled — YES or NO — for each domain
- Column C: the policy mode — ENFORCE, TESTING, NONE, or MISSING if no record exists — consistently formatted
- Column D: any errors or diagnostic notes from the MX Toolbox lookup, blank if clean
- 50 domains checked with no ambiguity between "policy mode none" and "no record found"
What If the Data Is Not Quite Ready
Auditor wants raw record text, not just the policy label
For each domain in column A, use MXToolbox MTA-STS lookup to retrieve the record, write whether MTA-STS is enabled in column B, the policy mode label in column C, and the raw record text in column D — mark column E as MISSING if no record was found
Some domains are internal mail relays that should be exempt
Check column B for each row — if it says INTERNAL-RELAY, skip that domain and leave columns C through E blank; for all other rows, run MXToolbox MTA-STS lookup and write enabled status, policy mode, and any errors into columns C, D, E
Need to flag non-enforcing domains for remediation
Run MXToolbox MTA-STS lookups for all domains in column A, write the policy mode in column B, and add a column C label — COMPLIANT if the policy is enforce, REVIEW-NEEDED if it is testing or none, and NOT-CONFIGURED if the record is missing — sort so NOT-CONFIGURED and REVIEW-NEEDED rows appear at the top
Full audit-ready documentation in one shot
For all domains in column A, run MXToolbox MTA-STS lookups, write enabled status in column B, policy mode in column C, raw record in column D, any errors in column E, and an AUDIT-STATUS label in column F — COMPLIANT for enforce, PARTIAL for testing, NON-COMPLIANT for none or missing — then sort by column F
Submit documentation the auditor can actually use.
Try It
Get the 7-day free trial of SheetXAI and open your corporate domain list, then ask it to run MTA-STS lookups across column A. Related: Full Email Authentication Audit or the MX Toolbox overview.
