How do we know that sending MTAs are failing MTA-STS?
Much like DMARC, the answer is emailed reports. These reports include detected MTA-STS policies, traffic statistics, unsuccessful connections, and failure reasons.
Enter SMTP TLS Reporting (or TLS-RPT for short). It enables reporting of TLS connectivity problems experienced by sending MTAs and is defined in RFC 8460.
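To make the reporting mechanism concrete, the following added Python example (not code from the original article) parses a TLS-RPT DNS record of the `v=TLSRPTv1; rua=...` form and summarizes a TLS-RPT report in the RFC 8460 JSON shape: per policy domain it extracts the policy type, successful and failed session counts, the failure rate, and failures broken down by `result-type`, and it flags a report whose per-failure counts do not add up to the stated total. The report embedded below is constructed sample data; the domains, IP addresses and counts are placeholders, not observations from any real deployment.

```python
import json
from collections import Counter

# Constructed sample report in the RFC 8460 JSON layout (not a real report).
SAMPLE_REPORT = json.dumps({
    "organization-name": "Example Sender Inc.",
    "date-range": {"start-datetime": "2024-01-01T00:00:00Z",
                   "end-datetime": "2024-01-01T23:59:59Z"},
    "contact-info": "tlsrpt@sender.example",
    "report-id": "2024-01-01T00:00:00Z_example.com",
    "policies": [{
        "policy": {
            "policy-type": "sts",
            "policy-string": ["version: STSv1", "mode: enforce",
                              "mx: mail.example.com", "max_age: 604800"],
            "policy-domain": "example.com",
            "mx-host": ["mail.example.com"],
        },
        "summary": {"total-successful-session-count": 5326,
                    "total-failure-session-count": 303},
        "failure-details": [
            {"result-type": "certificate-expired",
             "sending-mta-ip": "192.0.2.10",
             "receiving-mx-hostname": "mail.example.com",
             "failed-session-count": 300},
            {"result-type": "sts-policy-fetch-error",
             "sending-mta-ip": "192.0.2.11",
             "receiving-mx-hostname": "mail.example.com",
             "failed-session-count": 3},
        ],
    }],
})

# Constructed example of the TXT record published at _smtp._tls.<domain>.
SAMPLE_TLSRPT_TXT = "v=TLSRPTv1; rua=mailto:tlsrpt@example.com"


def parse_tlsrpt_record(txt):
    """Parse a TLS-RPT TXT record into its version and report URIs.

    Raises ValueError when the record is not a usable TLSRPTv1 record,
    so a deployment check can fail loudly instead of silently losing reports.
    """
    fields = [f.strip() for f in txt.split(";") if f.strip()]
    if not fields or fields[0] != "v=TLSRPTv1":
        raise ValueError("record must start with v=TLSRPTv1")
    tags = {}
    for field in fields[1:]:
        key, sep, value = field.partition("=")
        if not sep:
            raise ValueError("malformed tag: %r" % field)
        tags[key.strip()] = value.strip()
    if "rua" not in tags:
        raise ValueError("rua tag (report destination) is required")
    uris = [u.strip() for u in tags["rua"].split(",") if u.strip()]
    for uri in uris:
        if not (uri.startswith("mailto:") or uri.startswith("https://")):
            raise ValueError("unsupported rua URI scheme: %r" % uri)
    return {"version": "TLSRPTv1", "rua": uris}


def summarize_report(report_json):
    """Aggregate an RFC 8460 report into per-domain statistics."""
    report = json.loads(report_json)
    result = {}
    for entry in report["policies"]:
        policy = entry["policy"]
        summary = entry["summary"]
        ok = summary["total-successful-session-count"]
        failed = summary["total-failure-session-count"]
        by_type = Counter()
        for detail in entry.get("failure-details", []):
            by_type[detail["result-type"]] += detail["failed-session-count"]
        total = ok + failed
        result[policy["policy-domain"]] = {
            "policy_type": policy["policy-type"],
            "successful": ok,
            "failed": failed,
            "failure_rate": (failed / total) if total else 0.0,
            "failures_by_type": dict(by_type),
            # A mismatch here means the report is inconsistent and deserves
            # a closer look before acting on it.
            "details_consistent": sum(by_type.values()) == failed,
        }
    return result


if __name__ == "__main__":
    print(parse_tlsrpt_record(SAMPLE_TLSRPT_TXT))
    print(json.dumps(summarize_report(SAMPLE_REPORT), indent=2))
```

In practice the aggregated `failures_by_type` is what a mail administrator watches: a spike in `certificate-expired` or `sts-policy-fetch-error` for a domain in `enforce` mode means legitimate senders are refusing to deliver, which is exactly the visibility that MTA-STS alone does not give you.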