diff --git a/html/robots.txt b/html/robots.txt
new file mode 100644
index 0000000..3dc81a5
--- /dev/null
+++ b/html/robots.txt
@@ -0,0 +1,3 @@
+# MTA-STS policy files are for email security only; no need to index
+User-agent: *
+Disallow: /.well-known/
diff --git a/nginx/default.conf b/nginx/default.conf
index c3f5fe1..9ef184b 100644
--- a/nginx/default.conf
+++ b/nginx/default.conf
@@ -4,6 +4,14 @@ server {
     server_name _;
     root /usr/share/nginx/html;
     index index.html;
+
+    # Prevent search engines from indexing MTA-STS policy (technical file, not for search)
+    location /.well-known/ {
+        root /usr/share/nginx/html;
+        add_header X-Robots-Tag "noindex, nofollow";
+        try_files $uri =404;
+    }
+
     location / {
         try_files $uri $uri/ =404;
     }