What is TLS-RPT (SMTP TLS Reporting)?
TLS-RPT (Transport Layer Security Reporting) is an email security standard defined in RFC 8460. It allows email domain owners to request diagnostic reports from external mail servers (like Gmail, Outlook, etc.) about the success or failure of TLS encryption when delivering emails to their domain.
When you implement strict security protocols like MTA-STS (Mail Transfer Agent Strict Transport Security), it's crucial to know if emails are failing due to encryption issues. TLS-RPT closes this feedback loop by specifying a destination (usually an email address or a web URI) where these failure reports should be sent. This provides invaluable visibility into potential inter-compatibility issues or active attacks against your email infrastructure.
Why is TLS-RPT Crucial?
- Visibility: See exactly why secure connections to your server fail.
- Troubleshooting: Identify misconfigurations in your MTA-STS policy or SSL certificates.
- Security: Detect potential downgrade attacks or Man-in-the-Middle (MitM) attempts.
- Compatibility: Ensure you are not accidentally rejecting valid email traffic.
How to Use This Tool
Enter Domain Name
Type your domain (e.g., example.com) into the search bar above.
Click Check Record
Hit the button to query the DNS for the `_smtp._tls` TXT record.
Analyze Results
Review the raw record and parsed data. We'll show you if the record is valid and where reports are being sent (e.g., `mailto:` or `https:`).
Common TLS-RPT Record Syntax
A typical TLS-RPT record is published as a DNS TXT record at the subdomain `_smtp._tls`. It looks like this:
- v=TLSRPTv1: Identifies the version of the protocol.
- rua=...: "Reporting URI(s) for Aggregate data". This specifies where the reports should be sent. Common values use `mailto:` for email delivery or `https:` for web post delivery.
Related Tools
TLS-RPT is part of a larger ecosystem of email authentication protocols. Check out our other free tools to fully secure your domain: