What is a TLS-RPT record?

TLS-RPT (SMTP TLS Reporting) is a standard that enables reporting of issues mail servers encounter when trying to make a secure TLS connection to your mail servers. A TLS-RPT record in your DNS tells other servers where to send these reports.

Back to Tools

TLS-RPT Record Generator

Create a DNS record to receive reports on TLS negotiation failures from other mail servers.

Reporting Address (rua=)

Your Generated TLS-RPT Record:

Publish this as a TXT record for `_smtp._tls.yourdomain.com`

What is TLS-RPT?

TLS-RPT (SMTP TLS Reporting) is the essential reporting mechanism for the MTA-STS standard. While MTA-STS tells other mail servers to always use an encrypted connection when sending you email, TLS-RPT tells them where to send a report if that secure connection fails for any reason.

These reports provide crucial diagnostic information, allowing you to identify and fix TLS configuration issues with your mail servers. Implementing TLS-RPT before moving your MTA-STS policy to `enforce` mode is a critical best practice to avoid inadvertently blocking legitimate email.

TLS-RPT Generator FAQs

Why do I need TLS-RPT if I use MTA-STS?

TLS-RPT is the reporting component of MTA-STS. Without it, you have no visibility into whether your MTA-STS policy is causing legitimate emails to fail. The reports allow you to diagnose and fix TLS connectivity issues before moving your MTA-STS policy to 'enforce' mode, preventing accidental email loss.