Submit a ticket My Tickets
Welcome
Login  Sign up
  1. PowerDMARC
  2. Solution home
  3. Email Authentication Basics
  4. TLS-RPT

What is TLS-RPT?

PowerDMARC Support
Modified on: Sun, 1 Dec, 2024 at 12:00 AM

TLS-RPT stands for Transport Layer Security Reporting and is a standard defined in RFC 8460. It enables reporting of issues in the encryption process for Mail Transfer Agent Strict Transport Security (MTA-STS) enabled domains or email deliverability problems during SMTP mail transfer.


TLS-RPT operates by reporting on TLS-encryption-related delivery issues, caused by TLS encryption failures during SMTP communications. TLS-RPT is often used alongside MTA-STS (Mail Transfer Agent Strict Transport Security)to provide the relevant parties with comprehensive information about email delivery failures.

How Does It Work?

When a domain has TLS-RPT enabled, it allows the email-sending services to send automated reports to a specified email address that include details about TLS connection failures. 

These reports are delivered in JSON format and include the following pieces of important information:

  • Issues related to MTA-STS policy handling 

  • Potential causes of delivery failures

  • The sending and receiving mail transfer agents’ IP addresses 

  • The total number of successful and unsuccessful TLS connection sessions

Having access to these details offers domain owners increased visibility into their email channels. As a result, they can identify delivery challenges in real time and resolve them faster. To learn more about this protocol, read our complete guide on TLS-RPT.

Benefits of TLS-RPT 

Numerous reasons make TLS-RPT an essential component of your email security framework. These include: 

  1. TLS-RPT offers deep, useful insights into email delivery issues that you might have otherwise overlooked. 

  2. This protocol enables you to identify the root causes of TLS encryption failures and take action accordingly.

  3. The protocol is often used in conjunction with MTA-STS, which helps avoid emails sent in plain-text format upon encryption failure.

Setting Up TLS-RPT

Step #1: Use PowerDMARC’s free TLS-RPT record generator to create your record.


Step #2: When creating your record, enter a valid email address where you will receive your SMTP TLS reports.


Step #3: Lastly, publish the TLS-RPT record on your DNS, at smtp.tls.yourdomain.com subdomain. If you are the manager of your DNS, you can edit the DNS settings by yourself to publish the record. Otherwise, you can ask your domain registrar who will help you create a new TXT record for the same.  


Setting up or monitoring TLS-RPT does not have to be challenging! At PowerDMARC we are dedicated to providing our customers with an automated and hassle-free email authentication experience. To monitor your TLS reports easily sign up with PowerDMARC today.

P
PowerDMARC is the author of this solution article.

Did you find it helpful? Yes No

Send feedback
Sorry we couldn't be helpful. Help us improve this article with your feedback.