Email
LIVE
TLS-RPT Lookup
Verify the TLS-RPT record for TLS error reporting in email
usage:
tlsrpt-lookup --domain What is TLS-RPT Lookup?
TLS-RPT Lookup verifies the TLS-RPT (TLS Reporting) record of a domain. TLS-RPT enables receiving detailed reports on TLS connection failures during email transfer, helping monitor and resolve encryption issues in email delivery.
Frequently Asked Questions
What is TLS-RPT? +
TLS-RPT (SMTP TLS Reporting, RFC 8460) is a mechanism that allows sending servers to send reports on TLS problems encountered during email delivery, such as expired certificates or missing STARTTLS support.
How is TLS-RPT configured? +
Add a TXT record at _smtp._tls.yourdomain.com with format: v=TLSRPTv1; rua=mailto:tlsrpt@yourdomain.com. Reports will be sent to the specified email.
What information do TLS-RPT reports contain? +
Reports include: sending domain, policy type applied (MTA-STS/DANE), number of successful and failed sessions, TLS error type (certificate, connection, policy), and timestamps.
Is TLS-RPT necessary without MTA-STS? +
TLS-RPT is most useful with MTA-STS or DANE active, but can be configured standalone. Without active TLS policies, reports will be limited but can still flag STARTTLS issues.
How often do reports arrive? +
TLS-RPT reports are typically sent every 24 hours by sending servers that support the protocol. In case of many errors, some providers may send more frequent reports.
Where can I view TLS-RPT reports? +
Reports are in JSON format. You can use dedicated services like Report-URI or Postmark to receive, aggregate, and display them in readable dashboards.