TLS-RPT Record Checker

What is TLS-RPT?

SMTP TLS Reporting (TLS-RPT) is defined in RFC 8460. It enables domain owners to receive reports about TLS connectivity problems experienced by sending mail servers. When a remote server encounters a TLS negotiation failure -- such as an expired certificate, hostname mismatch, or missing STARTTLS support -- it sends a structured JSON report to the endpoints specified in your TLS-RPT DNS record.

A TLS-RPT record is published as a TXT record at _smtp._tls.<domain> with two tags: v=TLSRPTv1 (version) and rua= (comma-separated list of mailto: and/or https: report destination URIs). For maximum reliability, configure both a mailto and an HTTPS endpoint.

TLS-RPT and MTA-STS (RFC 8461) are complementary standards. MTA-STS tells sending servers to enforce TLS, while TLS-RPT provides the feedback loop for when that enforcement fails. Deploying both together gives you mandatory TLS enforcement with full reporting on any failures.

Read the complete TLS-RPT guide to learn more.