Overview:
If you receive the error message, "Cannot delete this domain. First remove MTA-STS records from your DNS settings, to delete this domain," it means the domain you are trying to delete from our service has active MTA-STS (Mail Transfer Agent Strict Transport Security) records still present in your DNS settings.
To protect your email configurations and ensure that your email flow remains uninterrupted, domains with active MTA-STS records cannot be deleted directly from the customer portal. This safeguard is in place to prevent accidental disruptions in your email delivery and security protocols.
What is MTA-STS?
MTA-STS is a security feature that forces email systems to use encryption when sending email to your domain. Removing MTA-STS records without proper planning may cause email delivery issues, as some systems may not send emails to domains without valid MTA-STS records.
Steps to Resolve:
Instead of deleting the MTA-STS records entirely, we recommend switching the records to a new provider or updating the address where the MTA-STS policy is hosted. This is the safest option to maintain the integrity of your email flow.
- Access Your DNS Settings: Log into your DNS provider's management console (e.g., GoDaddy, Cloudflare, etc.).
- Find the MTA-STS Records: Locate both the _mta-sts TXT record and the mta-sts CNAME record for the domain.
- Update or Replace the MTA-STS Records:
- For the _mta-sts TXT record, ensure it points to a new, valid ID or policy with the correct configuration.
- For the mta-sts CNAME record, update the value to point to the new hosting address where your MTA-STS policy is located.
- Why Replacement is Important: If the MTA-STS records are simply deleted without a replacement, email delivery may be disrupted, especially for email systems relying on encrypted connections. By updating the records to a new provider, you can avoid such issues.
- Wait for DNS Propagation: It may take up to 24-48 hours for DNS changes to propagate across the internet. During this time, the changes will gradually take effect.
- Remove the Domain from Our Service: Once the DNS records are updated and pointing to a new provider or address, you can proceed with deleting the domain from our service safely.
Why This Protection is in Place:
We’ve implemented this deletion protection to ensure that removing a domain does not unintentionally break important email configurations that could lead to delivery issues or security vulnerabilities. MTA-STS records help secure your email flow, and simply deleting them without a proper replacement can lead to message disruptions.
Need Further Assistance?
If you are unable to update your DNS settings or have questions about switching to a new provider, please contact our support team. We can guide you through the process of safely transitioning your MTA-STS records and ensure there’s no interruption to your email flow.
If you are unable to update your DNS records and would like us to delete these domains from your account please submit a request in this format - https://support.dmarcreport.com/support/solutions/articles/5000890982-how-to-request-domain-deletion-when-unable-to-remove-mta-sts-records