TLS-RPT Record

Verifies the domain publishes a TLS Reporting record (RFC 8460) at _smtp._tls.<domain>. TLS-RPT lets receiving mail servers send you reports when STARTTLS negotiation fails for inbound mail to your domain. These reports are invaluable for catching MTA-STS misconfigurations and quietly degrading TLS.

Applies to: URIBL and URI hosts.

How It Works

We do a TXT lookup at _smtp._tls.<domain> and look for a record starting with v=TLSRPTv1. We also confirm the record contains a rua= tag specifying where to send reports.

Fails On

No TLS-RPT record at _smtp._tls.<domain>.
The record is missing the required rua= tag.

MTA-STS Policy - the policy TLS-RPT reports failures against.

How It Works​

Fails On​

Related Checks​

How It Works

Fails On

Related Checks