TLS-RPT Report Analyzer
Parse and analyze TLS-RPT JSON reports to identify TLS failures and get recommendations.
TLS-RPT reports are sent by remote mail servers when they experience TLS failures delivering to your domain. Upload or paste a report to analyze failure patterns and get actionable recommendations.
What is TLS-RPT?
TLS-RPT (RFC 8460) reports are JSON files sent by remote mail servers containing:
- Session statistics: Success and failure counts for TLS connections
- Failure details: Specific error types like certificate-expired, starttls-not-supported
- Policy information: MTA-STS or DANE policy being evaluated
- Sender details: IPs of servers that experienced failures
Common Failure Types
- certificate-expired
- Your mail server's TLS certificate has expired
- certificate-host-mismatch
- Certificate hostname doesn't match your MX record
- starttls-not-supported
- Your mail server doesn't support STARTTLS
- sts-policy-fetch-error
- MTA-STS policy file couldn't be retrieved
- tlsa-invalid
- DANE TLSA record doesn't match the certificate
How to Get TLS-RPT Reports
- Configure TLS-RPT DNS record (check your configuration)
- Set up MTA-STS (check MTA-STS) or DANE (check DANE)
- Reports will be sent to your configured rua= address (mailto: or https:)
- Reports may be gzip compressed - this tool handles both formats
Related Tools
- TLS-RPT Check - Verify your TLS-RPT DNS configuration
- MTA-STS Check - Check MTA-STS policy
- DANE/TLSA Check - Verify DANE certificate pinning
- SSL Check - Analyze TLS certificates