All fix guides

How to add SMTP TLS reporting (TLS-RPT)

Get notified when mail delivery to your domain fails to encrypt.

What it is

TLS-RPT is a DNS TXT record that asks sending servers to email you reports about TLS failures when delivering to your domain.

Why it matters

Without TLS-RPT you have no visibility into downgrade attacks or misconfigurations breaking encrypted mail delivery.

How to fix it

  1. 1Publish a TXT record at `_smtp._tls.yourdomain.com`: `v=TLSRPTv1; rua=mailto:tls-reports@yourdomain.com`.
  2. 2Pair it with MTA-STS so you both enforce and monitor TLS.
  3. 3Review the reports periodically for delivery failures.
  4. 4Re-scan to confirm TLS-RPT is published.

Not sure if your site is affected?

Run a free scan — or let us fix it all for you.

Privacy and cookie preferences

We use strictly necessary cookies to run the site. Analytics, marketing, and AI assistant telemetry are optional and disabled until you choose. You can update consent any time in Cookie Settings.

Some infrastructure cookies, such as load balancer routing cookies, are essential for service delivery. Details: Cookie Policy