Free TLS-RPT checker · Instant · No signup
TLS-RPT Checker
Validate your TLS-RPT record. Domain Doctor checks your _smtp._tls TXT record so you receive reports when TLS delivery to your domain fails.
VASTROX HOSTING · EMAIL · DNS · SSL
Want VASTROX to fix every issue above — for you?
Don't fix it alone. Our team configures your SPF, DKIM, DMARC, SSL, DNS and security headers correctly, then hosts you on fast NVMe infrastructure so your domain scores an A and stays there.
- Every failing check fixed and verified
- Hosting, business email, DNS & SSL under one roof
- Free migration from your current provider
What this checks
TLS-RPT (SMTP TLS Reporting) is the feedback channel for MTA-STS and DANE. When another server fails to deliver mail to you over TLS, TLS-RPT tells them where to send a report — so you find out about downgrade attacks and misconfigurations instead of silently losing mail.
Domain Doctor validates your _smtp._tls TXT record, confirms the v=TLSRPTv1 version and a valid rua reporting destination (a mailto: or https: endpoint).
Common TLS-RPT Checker errors
- No TLS-RPT record, so you get no delivery failure reports
- Invalid rua target (malformed mailto or https)
- Missing v=TLSRPTv1 version tag
- Record present but MTA-STS not deployed alongside it
VASTROX EMAIL SECURITY
Get visibility into TLS delivery failures
We add TLS-RPT alongside MTA-STS so you find out about downgrade attacks instead of silently losing mail.
- Valid TLS-RPT record published
- Deployed alongside MTA-STS
- Reports monitored for you
Trusted by businesses for hosting, VPS, business email & game servers · Free migration · Real support
Frequently asked questions
Is TLS-RPT required?
It is optional but strongly recommended alongside MTA-STS. Without it you have no visibility into TLS delivery failures.
Where do TLS-RPT reports go?
To the address in your rua tag — either a mailbox (mailto:) or an HTTPS endpoint that accepts JSON reports.