Free Tool

TLS-RPT Record Checker

TLS delivery failures happen silently — no bounce, no notification — until you have reporting configured. Enter your domain to check your TLS-RPT record and verify it's receiving failure reports.

Understanding TLS-RPT

What is TLS-RPT?

SMTP TLS Reporting (TLS-RPT) is a standard that lets you receive reports when sending servers encounter TLS failures delivering email to your domain. It's the reporting companion to MTA-STS.

How does TLS-RPT work?

You publish a TXT record at _smtp._tls.yourdomain.com with a reporting URI. Sending servers that support TLS-RPT will send daily JSON reports about any TLS negotiation failures to that URI.

What format are TLS-RPT reports?

Reports are JSON documents sent daily, containing details about TLS connection failures: the sending server, failure type (certificate errors, policy failures), and counts. They're sent via email (mailto:) or HTTPS POST.

Do I need TLS-RPT?

If you use MTA-STS, TLS-RPT is essential — it tells you when delivery is failing due to your MTA-STS policy. Even without MTA-STS, TLS-RPT can reveal TLS issues with incoming email.

Related Free Tools

TLS-RPT Generator → MTA-STS Checker → DMARC Checker → Deliverability Check →

Why We Built This Tool

TLS failures between mail servers are invisible — no bounces, no notifications. Without reporting configured, you can't detect when encryption negotiation breaks, certificates expire, or policy misconfigurations cause silent delivery failures.

What Goes Wrong Without This

Email can be downgraded to unencrypted SMTP when TLS negotiation fails, and teams never learn it happened. Reporting endpoints are often misconfigured, not responding, or receiving duplicate reports — making even TLS-RPT ineffective.

Who This Tool Is For

E-commerce & DTC Brands

Monitor TLS failures for your sending domain — surface certificate errors and encryption negotiation issues before they impact email delivery.

Email Marketing Agencies

Audit TLS-RPT configuration across client domains. Verify reporting endpoints are live and processing failure reports to catch infrastructure issues early.

B2B SaaS & Outbound Teams

Set up TLS failure reporting for outbound sending servers and transaction email. Monitor TLS negotiation failures and certificate misconfigurations in real-time.

Frequently Asked Questions

What is TLS-RPT and how does it work?

SMTP TLS Reporting (TLS-RPT) lets sending servers report TLS negotiation failures when delivering email to your domain. You publish a TXT record at _smtp._tls.yourdomain.com pointing to a reporting endpoint (email or HTTPS), and sending servers will send daily JSON reports about failures.

When should I use TLS-RPT?

Always use TLS-RPT if you have MTA-STS enabled — it tells you when MTA-STS policy breaks are causing delivery failures. Even without MTA-STS, TLS-RPT reveals certificate errors, cipher failures, and other transport security issues.

What reporting formats does TLS-RPT support?

Two formats: 'mailto:' (reports sent via email to an address) and 'https://' (reports sent as HTTP POST requests to an endpoint). Most teams use HTTPS for easier parsing and automated response.

Do I need an InboxEagle account to use this tool?

No. This tool is completely free and requires no account or sign-up. InboxEagle provides it as a standalone resource for email marketers, developers, and agencies.

Set Up Reporting. Stop Flying Blind on TLS Failures.

Stop running manual checks. InboxEagle monitors your sender reputation, authentication, and blacklist status 24/7 — and alerts you the moment something breaks.

Start Free 14-Day Trial

No credit card required · Cancel anytime