Validate your TLS-RPT DNS record, check report destinations, and verify MTA-STS integration per RFC 8460.
SMTP TLS Reporting (TLS-RPT) is defined in RFC 8460. It enables domain owners to receive reports about TLS connectivity problems experienced by sending mail servers. When a remote server encounters a TLS negotiation failure -- such as an expired certificate, hostname mismatch, or missing STARTTLS support -- it sends a structured JSON report to the endpoints specified in your TLS-RPT DNS record.
A TLS-RPT record is published as a TXT record at _smtp._tls.<domain> with two tags: v=TLSRPTv1 (version) and rua= (comma-separated
list of mailto: and/or https: report destination URIs).
For maximum reliability, configure both a mailto and an HTTPS endpoint.
TLS-RPT and MTA-STS (RFC 8461) are complementary standards. MTA-STS tells sending servers to enforce TLS, while TLS-RPT provides the feedback loop for when that enforcement fails. Deploying both together gives you mandatory TLS enforcement with full reporting on any failures.
Continuous monitoring, aggregate report parsing, and actionable insights for all your email authentication protocols.
Start Free