Skip to content

TLS-RPT Generator (Aggregate Reports for SMTP TLS)

Generate and validate TLS-RPT records with best-practice reporting addresses and verification steps.

What is TLS-RPT?

TLS-RPT (TLS Reporting) provides aggregate reports about TLS connection failures and successes for SMTP email delivery.

Aggregate Reports

Daily summaries of TLS connection attempts

Failure Detection

Identify TLS handshake and certificate issues

MTA-STS Integration

Works with MTA-STS for comprehensive monitoring

Delivery Insights

Monitor email delivery security trends

TLS-RPT Record Builder

Configuration

Best Practices

  • • Use a dedicated email for TLS reports
  • • Ensure the address can handle daily reports
  • • Consider automated report processing

Generated TLS-RPT Record

DNS Record Type: TXT
Host: _smtp._tls.yourdomain.com
v=TLSRPTv1; rua=mailto:tls-rpt@yourdomain.com

Validate Existing TLS-RPT

Enter a domain above to validate its TLS-RPT record

Understanding TLS-RPT Reports

Sample report structure and key metrics to monitor.

Sample Report Structure

{
  "organization-name": "Example Corp",
  "date-range": {
    "start-datetime": "2024-01-01T00:00:00Z",
    "end-datetime": "2024-01-01T23:59:59Z"
  },
  "policies": [{
    "policy": {"type": "sts", "domain": "example.com"},
    "summary": {
      "total-successful-session-count": 1250,
      "total-failure-session-count": 15
    }
  }]
}

Success Metrics

  • • Successful TLS connections
  • • Certificate validation passes
  • • Policy compliance rate

Failure Types

  • • Certificate validation errors
  • • TLS handshake failures
  • • Policy violations

Key Insights

  • • Delivery success rates
  • • Security posture trends
  • • Configuration issues

Related Email Security Tools

MTA-STS Checker

Validate MTA-STS policies

SMTP TLS Checker

Test STARTTLS and ciphers

Deliverability Test

Complete email security audit

Run a Full Email Security Audit

Check TLS-RPT, MTA-STS, DMARC, SPF, and more in one scan

Run Full Deliverability Test

Frequently Asked Questions

What reporting addresses should I use?

Use dedicated email addresses like tls-rpt@yourdomain.com or postmaster@yourdomain.com. Ensure these addresses can handle potentially high report volumes and consider automated processing.

Should I be concerned about report volume?

TLS-RPT reports are sent daily and can be substantial for high-volume domains. Consider using a dedicated inbox or third-party service for report processing and analysis.

How does TLS-RPT work with MTA-STS?

TLS-RPT provides reporting for MTA-STS policy enforcement. When you have both configured, you'll receive detailed reports about TLS connection successes and failures related to your MTA-STS policy.