Skip to content
SMTPDoctor

MAIL-02 / EMAIL AUTHENTICATION

TLS-RPT Checker

Check a domain's TLS-RPT record, which asks receiving servers to report back when TLS encryption for your email fails.

About the TLS-RPT Checker

TLS-RPT gives you visibility into how well TLS encryption is working for mail sent to your domain. When a sending server can't establish a secure connection, TLS-RPT asks it to send you a report. This tool checks whether your domain publishes a valid TLS-RPT record.

What this tool checks

It queries the _smtp._tls TXT record and extracts the reporting address where TLS failure reports are sent.

Why pair it with MTA-STS

MTA-STS enforces TLS; TLS-RPT tells you when enforcement causes problems. Together they let you deploy strict TLS safely, with feedback if legitimate mail starts failing.

Frequently asked questions

What is TLS-RPT?

TLS-RPT (SMTP TLS Reporting) is a standard where receiving servers send you daily reports about TLS connection successes and failures for mail to your domain.

Do I need TLS-RPT?

It's highly recommended alongside MTA-STS. Without it, you have no visibility into TLS problems that could be silently blocking or downgrading your mail.

Where do TLS-RPT reports go?

To the address in the rua tag of your record, which can be an email address or an HTTPS endpoint. Many domains point it at a monitoring service that aggregates the reports.