Create .well-known directory to publish MTA-STS policy for Google Workspace

Topic summary

Users are attempting to implement MTA-STS (Mail Transfer Agent Strict Transport Security) policy for Google Workspace by creating a .well-known directory on their domains, as outlined in Google’s security guidelines.

Core Problem:

  • Step 3 requires creating a .well-known directory in a subdomain
  • Users with domains registered through Google Domains and hosted on Shopify cannot create this directory
  • Google Domains states directory creation is a web hosting function, not a registrar service
  • Shopify doesn’t allow management of third-party domains for this purpose

Proposed Solution:
Multiple users report successfully using Firebase (free) as a workaround:

  • Set up the custom subdomain in Firebase
  • Point DNS records from the domain registrar to Firebase
  • Host the MTA-STS policy file there
  • One user confirms their implementation is working with a live example URL

Status: The discussion remains open with users seeking detailed implementation guidance, though a viable free solution has been identified.

Summarized with AI on November 2. AI used: claude-sonnet-4-5-20250929.

Hello,

I’m following the Google Workspace guidelines for publishing MTA-STS policy to increase email security.

https://support.google.com/a/answer/9276387?hl=en&fl=1

And I’m stuck on step 3 - Create a directory named .well-known in the subdomain.

My domain is handled by Google Domains. When contacting Google Support, they responded that ‘creating a directory is offered/created by web hosting that is being managed by the web host providers and not registrars like us (Google Domains)’. And advised me to contact the respective web hosting provider - Shopify.

But since it’s a third-party domain for Shopify, I cannot manage it here either.

I would appreciate any advice on this matter.

Kind regards,

Polina

5 Likes

I’m experiencing the same issue - haven’t found a solution yet

2 Likes

I am having the very same issue

2 Likes

I had exactly the same issue and I don’t think it is possible to do this via Shopify. The successful (and free) way round I found was to use Firebase and set up the custom domain, then point to this from within the DNS settings of your domain registrar. It does take a bit of time but it is worth it in the long run, I suppose. If you want a more detailed explanation, let me know.

I just used Firebase to set up the mta-txt.file for free. This is the URL and it is working perfectly: https://mta-sts.ibuypc.in/.well-known/mta-sts.txt