How is MTA-STS policy published and cached?

The policy is fetched from the HTTPS endpoint and cached for the duration specified in the file. Cached policies override DNS changes until expiration.

This ensures stability but demands careful certificate management. Sending MTAs refresh the policy according to the max\_age value inside the file rather than the DNS TTL.