TLS-RPT record checker tool

Use Sendmarc’s TLS-RPT record checker to instantly validate your organization’s record. Ensure your business has visibility into email encryption issues to strengthen security and deliverability.

Test record

What is a TLS-RPT record checker?

A Transport Layer Security Reporting (TLS-RPT) record checker verifies the presence and correctness of your organization’s record, which is critical for maintaining secure and reliable email communications.

Key features of a TLS-RPT checker

  • Check the DNS TXT record at _smtp._tls.yourdomain.com
  • Verify the format and accuracy of the domain’s record
  • Confirm the version and reporting address are correct
Use Sendmarc’s Know Your Score tool for more insight into your business’s email security posture.

What is TLS-RPT?

TLS-RPT is a reporting protocol that allows domain owners to receive daily reports on email delivery issues related to encryption. These reports help identify and troubleshoot problems with TLS.

Why does TLS-RPT matter?

Without TLS-RPT, domain owners might be unaware of TLS misconfigurations that leave messages vulnerable to interception, tampering, or Man-in-the-Middle (MitM) attacks. By receiving detailed reports on TLS failures, companies can identify and resolve problems quickly, ensuring that email communications remain secure and reliable.

Why your organization should use a TLS-RPT record checker

Businesses that value secure and reliable email communication benefit from implementing and validating TLS-RPT. The protocol helps:
  • Detect encryption failures: Identify if messages aren’t delivered securely due to TLS issues
  • Prevent data breaches: Address vulnerabilities that could expose sensitive email content to cybercriminals
  • Monitor policy compliance: Validate compliance with email security standards
  • Improve deliverability: Resolve issues that might prevent legitimate emails from reaching recipients

Typical use cases

  • Troubleshooting failed email deliveries
  • Verifying new or updated DNS records
  • Monitoring compliance with email security policies
Check if your company’s record is properly configured.
Test a record

How to verify with a TLS-RPT record checker

Use Sendmarc’s record checker tool to confirm that your organization’s TLS-RPT TXT record is present, correctly formatted, and functional.

Step-by-step guide

1. Enter the domain

Input the domain into the record checker

2. TLS-RPT check

The checker analyzes the DNS for the TXT record

3. Validation

The tool checks the record for correct syntax, required fields, and valid reporting addresses

4. Review results

The results display whether the record exists

Sample record

Host Type Value
_smtp._tls.yourdomain.com TXT v=TLSRPTv1; rua=mailto:[email protected]
  • v=TLSRPTv1: The version of the TLS-RPT protocol
  • rua=mailto: Specifies the address where reports should be sent

Missing or incorrect record? Use a TLS-RPT record checker

If your business’s record is missing or incorrectly configured, it won’t receive crucial reports about encryption failures. This might leave your company vulnerable to undetected security issues.

Record checker capabilities

A TLS-RPT record checker helps by:

Identifying misconfigurations

Flags missing records in your organization’s DNS record

Confirming fixes

Allows re-checking of the domain after updates to verify compliance and functionality

How to fix common issues

  • Verify the TXT record is placed at _smtp._tls.yourdomain.com
  • Ensure the value starts with v=TLSRPTv1;
  • Use a valid, monitored email address or a secure HTTPS endpoint for the rua field
  • Separate multiple addresses with commas
  • Remove any syntax errors

Try Sendmarc’s record checker now!

Ensure your business’s email security is up to date.

Validate record

TLS-RPT record checker FAQs

What is a TLS-RPT record?

A Transport Layer Security Reporting (TLS-RPT) record is a DNS TXT entry that specifies where to send reports about email encryption failures for a domain. A TLS-RPT record allows domain owners to monitor and address issues related to encrypted email delivery.

A valid TLS-RPT record is formatted as follows:
Host Type Value
_smtp._tls.yourdomain.com TXT v=TLSRPTv1; rua=mailto:[email protected]
TLS-RPT records can also include an HTTPS endpoint or multiple reporting addresses. For example:
Host Type Value
_smtp._tls.yourdomain.com TXT v=TLSRPTv1; rua=mailto:[email protected],https://yourdomain.com/tlsrpt

If a TLS-RPT record is incorrect or missing, the domain owner won’t receive reports about TLS failures. Without these reports, encryption issues might go undetected, potentially exposing email to interception or modification.

To fix a TLS-RPT misconfiguration, update the DNS TXT record to follow the correct format and ensure that the rua address is valid and actively monitored. After making updates, re-check the configuration to confirm compliance and functionality.

TLS-RPT affects email deliverability by enabling domain owners to detect and resolve encryption-related issues. By identifying and correcting these problems, TLS-RPT improves both the security and successful delivery of emails.

A domain can include multiple reporting addresses within a single TLS-RPT record, but there should only be one TXT record at _smtp._tls.yourdomain.com. To specify more than one reporting address, separate each rua value with a comma.

Yes, TLS-RPT is still necessary even if Mail Transfer Agent Strict Transport Security (MTA-STS) is implemented. While MTA-STS enforces the use of TLS for email transmission, TLS-RPT provides reporting and visibility into encryption failures. Using both protocols together ensures both enforcement and monitoring, strengthening overall email security.

Get started with Sendmarc’s TLS-RPT record checker

Ensure your company’s email security by validating its TLS-RPT configuration and gaining visibility into encryption issues.

Step 1: Validate the domain

Use our TLS-RPT validator to confirm that your organization’s domain has a functional record.

Test a record

Step 2: Strengthen email security

Sign up for Sendmarc’s comprehensive email security solution to:

  • Receive enriched and consolidated TLS-RPT reports
  • Get expert guidance on configuration and management
  • Ensure ongoing compliance with industry best practices
Start now
Sendmarc logo
SOC 2 Type II
G2 High Performer Badge - Winter 2025

How secure is your brand name from email scammers?

If you’re at risk of impersonation, one of our experts will be in touch to assist.

Linkedin-in Youtube X-twitter Facebook-f

Platform & Services

Company

Platform & Services

Resources