Bots are silently destroying your Klaviyo deliverability.

Save My Spot →
InboxEagle
Free Tool

TLS-RPT Record Generator

TLS failure reports only arrive if your reporting address is valid and actively monitored. Most teams set it and never check it. Generate your record and set up actual monitoring.

Primary email address to receive TLS failure reports.

Second email address for redundant report delivery.

HTTPS URL to receive reports via POST. Used by automated monitoring services.

DNS Record Name

_smtp._tls.yourdomain.com
TXT

Record Value

v=TLSRPTv1; rua=mailto:tls-reports@yourdomain.com

How to publish this record

  1. Log in to your DNS provider
  2. Create a new TXT record
  3. Set the Name/Host to _smtp._tls
  4. Paste the record value above into the Value/Content field
  5. Save and wait for DNS propagation (usually a few minutes to 48 hours)
  6. Consider also setting up MTA-STS to enforce TLS for incoming email

Get your TLS-RPT record + report interpretation guide

No spam. Unsubscribe any time.

Setting Up TLS-RPT

What is TLS-RPT?

SMTP TLS Reporting (TLS-RPT) is a standard that lets you receive reports when sending servers encounter TLS failures delivering email to your domain. It works alongside MTA-STS to give you visibility into email transport security.

How do I configure reporting?

Publish a TXT record at _smtp._tls.yourdomain.com with a rua= tag specifying where reports should be sent. You can use mailto: for email delivery, https: for HTTP POST delivery, or both for redundancy.

What will the reports tell me?

TLS-RPT reports are JSON documents sent daily by sending mail servers. They include details about TLS negotiation failures: certificate errors, expired certificates, MTA-STS policy failures, and connection counts.

Should I use TLS-RPT with MTA-STS?

Yes. MTA-STS enforces TLS for incoming email, and TLS-RPT tells you when that enforcement causes delivery failures. Without TLS-RPT, you won't know if your MTA-STS policy is silently blocking legitimate email.

Related Free Tools

TLS-RPT Checker → MTA-STS Generator → DMARC Generator → Deliverability Check →

Configure Reporting. Then Actually Read the Reports.

Stop running manual checks. InboxEagle monitors your sender reputation, authentication, and blacklist status 24/7 — and alerts you the moment something breaks.

Start Free 14-Day Trial

No credit card required · Cancel anytime