TLS-RPT Check
Validate TLS-RPT (TLS Reporting) configuration for a domain.
TLS-RPT enables you to receive reports about TLS connection failures when remote mail servers send email to your domain, helping you identify and fix email delivery issues.
What is TLS-RPT?
TLS-RPT (RFC 8460) is a mechanism that enables mail service providers to:
- Receive failure reports: Get notified when sending servers fail to establish TLS connections
- Diagnose TLS issues: Identify certificate problems, configuration errors, or downgrade attacks
- Improve deliverability: Fix issues before they impact email delivery
TLS-RPT Record Format
- DNS Location: TXT record at
_smtp._tls.{domain} - Required Fields:
v=TLSRPTv1- Version identifierrua=- Report destination (mailto: or https:)
- Example:
v=TLSRPTv1; rua=mailto:tlsrpt@example.com
Companion Standards
TLS-RPT works best with:
- MTA-STS: Enforce TLS for inbound mail delivery
- DANE/TLSA: Pin TLS certificates in DNS (requires DNSSEC)
Without MTA-STS or DANE configured, TLS-RPT reports will be empty since there's no policy to report against.
Related Tools
- TLS-RPT Analyzer - Parse and analyze TLS-RPT reports you've received
- MTA-STS Check - Check MTA-STS configuration (companion standard)
- DANE/TLSA Check - Check DANE configuration (companion standard)
- MX Lookup - Find mail servers for a domain
- SMTP Check - Test mail server connectivity and TLS