TLS-RPT Lookup

TLS-RPT Lookup

Check a domain's SMTP TLS Reporting policy — where TLS failure reports are sent (RFC 8460).

Enter a domain above to check its TLS reporting policy

About this tool

What is TLS-RPT?
SMTP TLS Reporting (RFC 8460). A DNS TXT record at _smtp._tls.domain that tells sending mail servers where to deliver daily JSON reports about TLS connection failures when delivering to your domain.
What do TLS-RPT reports contain?
JSON reports summarizing successful and failed TLS connections to your mail servers, broken down by sending domain and failure reason: certificate mismatch, expired cert, MTA-STS policy failure, etc.
Do I need MTA-STS to use TLS-RPT?
No, but they are designed as companions. TLS-RPT can be deployed independently to get visibility into TLS delivery issues even before you enforce MTA-STS.
Where should I send reports?
Use a mailbox you monitor (e.g. tls-reports@yourdomain.com) or a third-party DMARC/TLS report processing service. The rua value accepts mailto: or https: URIs as defined in RFC 8460.