SimpleDMARC

Free TLS-RPT Generator

Generate a DNS record to receive SMTP TLS reports.


What Does This Generator Create?

Our TLS-RPT Record Generator creates a correctly formatted DNS TXT record for publishing at _smtp._tls.yourdomain.com. You specify one or more reporting URIs: either a mailto: address for email-based report delivery or an https: endpoint for automated JSON submission. The tool validates URI format, ensures the version tag (v=TLSRPTv1) is included, and outputs the complete record for direct copy-paste into your DNS management interface.
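The checks described above can be reproduced locally before a record is published. The following Python sketch is an added example, not SimpleDMARC's code: it builds the record and re-validates a published TXT value using the field syntax of RFC 8460. The function names, the strict single-rua rule, and the example.com / example.net values are assumptions made for illustration.

```python
from urllib.parse import urlsplit

VERSION = "v=TLSRPTv1"

def check_uri(uri):
    """Accept only well-formed mailto: or https: reporting URIs."""
    # A raw ',' ';' or '!' inside a URI would collide with the record's own
    # delimiters, so it has to be percent-encoded before publishing.
    if not uri or any(c in ",;!" or c.isspace() for c in uri):
        raise ValueError(f"unencoded delimiter or whitespace in {uri!r}")
    parts = urlsplit(uri)
    if parts.scheme == "mailto":
        local, at, host = parts.path.partition("@")
        if not (local and at and "." in host):
            raise ValueError(f"bad mailto address in {uri!r}")
    elif parts.scheme == "https":
        if not parts.hostname:
            raise ValueError(f"https URI without a host: {uri!r}")
    else:
        raise ValueError(f"unsupported scheme in {uri!r}")
    return uri

def build_record(domain, uris):
    """Return (owner name, TXT value) ready to paste into a DNS zone."""
    if not uris:
        raise ValueError("at least one reporting URI is required")
    rua = ",".join(check_uri(u) for u in uris)
    return f"_smtp._tls.{domain.rstrip('.')}", f"{VERSION}; rua={rua}"

def parse_record(txt):
    """Validate a published TXT value and return its list of rua URIs."""
    fields = [f.strip() for f in txt.split(";")]
    if fields[0] != VERSION:  # case-sensitive, and must be the first field
        raise ValueError("record must start with v=TLSRPTv1")
    # This example is strict: it expects exactly one rua= field.
    rua = [f[4:] for f in fields[1:] if f.startswith("rua=")]
    if len(rua) != 1:
        raise ValueError("expected exactly one rua= field")
    return [check_uri(u.strip()) for u in rua[0].split(",")]

if __name__ == "__main__":
    # Constructed sample values: example.com / example.net are placeholders.
    name, value = build_record(
        "example.com",
        ["mailto:tlsrpt@example.com", "https://reports.example.net/v1/tlsrpt"],
    )
    print(f'{name}. IN TXT "{value}"')
    print(parse_record(value))
```

Running `parse_record` against the value returned by a DNS lookup of the `_smtp._tls` name catches the common mistakes: a missing or misplaced version tag, an `http:` endpoint, or a stray delimiter inside a URI.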

Choosing Your Reporting Method

Email delivery (mailto:) is simpler to set up but can generate a high volume of messages for domains with significant inbound email traffic. Each sending server that delivers to your domain may send a daily report. For most organizations, a dedicated reporting address (e.g., tlsrpt@yourdomain.com) works well. HTTPS endpoints are better suited for automated processing — they receive JSON via POST request, making it easy to integrate with monitoring dashboards and alerting systems. SimpleDMARC's managed platform can serve as your TLS-RPT endpoint with automatic parsing and visualization.

Deploying TLS-RPT

TLS-RPT is one of the simplest email security records to deploy — it requires just a single DNS TXT record with no additional infrastructure. Publish the record, and sending servers will begin submitting reports within 24 to 48 hours. We strongly recommend deploying TLS-RPT before switching MTA-STS to enforce mode, as the reports will immediately reveal any TLS negotiation issues that could disrupt legitimate email delivery.

Frequently Asked Questions

What is TLS-RPT?
TLS-RPT (SMTP TLS Reporting) is a standard that enables reporting on TLS connectivity problems.
How do I enable it?
You need to publish a TXT record at _smtp._tls.yourdomain.com specifying where to send the reports (usually a mailto: address).
Does it work with MTA-STS?
Yes, TLS-RPT is designed to work alongside MTA-STS to provide visibility into enforcement issues.
Can I specify multiple reporting URIs?
Yes. The rua field supports multiple URIs separated by commas. You can combine mailto: and https: endpoints in the same record for redundancy.
What does a TLS-RPT report contain?
Reports are JSON files containing: the reporting organization, date range, your domain's MTA-STS and/or DANE policies, and details of any TLS negotiation failures including failure type, sending MTA, and receiving MX host.
Is TLS-RPT required for MTA-STS?
Not technically required, but strongly recommended. Without TLS-RPT, you have no visibility into MTA-STS policy enforcement outcomes.