TLS-RPT Validator
Check a domain's TLS-RPT record for reporting delivery issues.
Validation Result:
Why Validate Your TLS-RPT Record?
TLS-RPT (SMTP TLS Reporting) is the vital reporting component for MTA-STS. It allows you to receive reports from other mail servers when they have trouble establishing a secure, encrypted connection to your mail servers.
Validating your TLS-RPT record ensures it's correctly published at the `_smtp._tls` subdomain and points to a valid reporting address. Without a correctly configured record, you'll be blind to potential TLS issues, making it risky to move your MTA-STS policy to `enforce` mode. This check confirms your reporting pipeline is ready.
TLS-RPT Validator FAQs
Where should a TLS-RPT record be published in DNS?
A TLS-RPT record must be published as a TXT record at the specific hostname `_smtp._tls.yourdomain.com` (replacing 'yourdomain.com' with your actual domain).
What does a valid TLS-RPT record look like?
A valid TLS-RPT record starts with `v=TLSRPTv1;` followed by a `rua=` tag that specifies one or more email addresses to receive the reports, for example: `rua=mailto:tls-reports@example.com;`.
Do I need TLS-RPT if I don't use MTA-STS?
TLS-RPT is primarily designed to work with MTA-STS. If you are not using MTA-STS, there is generally no need to publish a TLS-RPT record as sending servers will have no policy to report on.