TLS-RPT Lookup
TLS-RPT Lookup
Check a domain's SMTP TLS Reporting policy — where TLS failure reports are sent (RFC 8460).
Enter a domain above to check its TLS reporting policy
About this tool
- What is TLS-RPT?
- SMTP TLS Reporting (RFC 8460). A DNS TXT record at _smtp._tls.domain that tells sending mail servers where to deliver daily JSON reports about TLS connection failures when delivering to your domain.
- What do TLS-RPT reports contain?
- JSON reports summarizing successful and failed TLS connections to your mail servers, broken down by sending domain and failure reason: certificate mismatch, expired cert, MTA-STS policy failure, etc.
- Do I need MTA-STS to use TLS-RPT?
- No, but they are designed as companions. TLS-RPT can be deployed independently to get visibility into TLS delivery issues even before you enforce MTA-STS.
- Where should I send reports?
- Use a mailbox you monitor (e.g. tls-reports@yourdomain.com) or a third-party DMARC/TLS report processing service. The rua value accepts mailto: or https: URIs as defined in RFC 8460.