MAIL-02 / EMAIL AUTHENTICATION
TLS-RPT Checker
Check a domain's TLS-RPT record, which asks receiving servers to report back when TLS encryption for your email fails.
About the TLS-RPT Checker
TLS-RPT gives you visibility into how well TLS encryption is working for mail sent to your domain. When a sending server can't establish a secure connection, TLS-RPT asks it to send you a report. This tool checks whether your domain publishes a valid TLS-RPT record.
What this tool checks
It queries the _smtp._tls TXT record and extracts the reporting address where TLS failure reports are sent.
Why pair it with MTA-STS
MTA-STS enforces TLS; TLS-RPT tells you when enforcement causes problems. Together they let you deploy strict TLS safely, with feedback if legitimate mail starts failing.
Frequently asked questions
What is TLS-RPT?
TLS-RPT (SMTP TLS Reporting) is a standard where receiving servers send you daily reports about TLS connection successes and failures for mail to your domain.
Do I need TLS-RPT?
It's highly recommended alongside MTA-STS. Without it, you have no visibility into TLS problems that could be silently blocking or downgrading your mail.
Where do TLS-RPT reports go?
To the address in the rua tag of your record, which can be an email address or an HTTPS endpoint. Many domains point it at a monitoring service that aggregates the reports.