Free TLS-RPT Checker

Validate your TLS-RPT (TLS Reporting) DNS record to receive aggregated reports about TLS failures on your mail servers. Monitor encryption health and fix issues proactively.

No signup

Instant check

100% free

What Is TLS-RPT?

TLS-RPT (TLS Reporting) is an email security standard that enables domain owners to receive aggregated reports about TLS failures during SMTP connections. It works alongside MTA-STS to provide visibility into encryption issues that might otherwise go unnoticed, such as expired certificates, cipher mismatches, and man-in-the-middle attacks.

Why It Matters

Without TLS-RPT, TLS failures on your mail servers go undetected. You won't know if legitimate senders are being rejected due to certificate problems or if attackers are performing downgrade attacks.

Common Mistakes

Publishing TLS-RPT without a valid rua URI, using an unmonitored mailbox for reports, and not correlating TLS-RPT failures with MTA-STS policy changes are common oversights.

_smtp._tls TXT

v=TLSRPTv1; rua=mailto:…

TLS FAILURE

REPORT RECEIVED

TLS_RPT_ENGINE_V2

MONITORING

How It Works

Input Domain

Type your domain into the TLS-RPT checker.

Query DNS

We search for the _smtp._tls TXT record.

Validate Record

We parse v=TLSRPTv1 and verify the rua report URI.

Monitor Reports

Ensure the rua mailbox is monitored for TLS failure reports.

TXT Record Detection

Verifies the presence and format of the _smtp._tls TXT record. Checks for v=TLSRPTv1 syntax and flags malformed or missing records.

Report URI Validation

Checks that the rua (Report URI for Aggregation) is properly configured and points to a valid HTTPS or mailto endpoint for receiving reports.

Syntax Parsing

Parses the full TLS-RPT record for correct tag-value pairs, validates the version string, and detects duplicate or conflicting directives.

Failure Detection

TLS-RPT reports certificate expiry, cipher mismatch, STARTTLS stripping, and connection timeouts. Monitor these to maintain email security.

MTA-STS Correlation

TLS-RPT works best with MTA-STS. Use both together — MTA-STS enforces TLS, and TLS-RPT reports on failures. A powerful security pair.

Copy-Ready Output

Displays the full TLS-RPT record in a clean, copyable format. Use for documentation, DNS configuration, or audit reports.

Frequently Asked Questions

What is TLS-RPT?

TLS-RPT (TLS Reporting) is an email security standard that enables domain owners to receive aggregated reports about TLS failures during SMTP connections. It provides visibility into encryption issues on mail servers.

How does TLS-RPT work?

You publish a TXT record at _smtp._tls.yourdomain with v=TLSRPTv1 and a rua URI. When sending mail servers encounter TLS failures connecting to your MX hosts, they send aggregated reports to the rua endpoint.

What is the difference between TLS-RPT and MTA-STS?

MTA-STS enforces TLS encryption for SMTP connections. TLS-RPT reports on TLS failures without enforcing anything. Use MTA-STS to enforce, and TLS-RPT to monitor. They are complementary standards.

What TLS failures does TLS-RPT report?

TLS-RPT reports STARTTLS failures, certificate validation failures, cipher mismatches, connection timeouts, and other TLS negotiation problems that prevent encrypted mail delivery.

Can I use TLS-RPT without MTA-STS?

Yes. TLS-RPT works independently and reports on all TLS failures, regardless of MTA-STS policy. However, using both together provides the strongest security and visibility combination.

Is this TLS-RPT checker free?

Yes, this tool is 100% free with no signup required. For automated TLS-RPT monitoring, MTA-STS policy tracking, and TLS failure alerting, upgrade to CyberFurl Pro.

Related Security Tools

TLS certificate health

Need Continuous TLS Monitoring?

Automate TLS-RPT, MTA-STS, and certificate checks. Get alerted when TLS failures occur, certificates expire, or encryption policies drift across your email infrastructure.

Start Free Trial View Pricing