How do I set up TLS-RPT?

Still have a question, spotted an error, or have a better explanation or a source we should cite?

Setting up TLS-RPT is straightforward if you've done SPF or DKIM before. You'll publish one DNS record and you're collecting reports within 24 hours.

The three things you need: Access to your domain's DNS settings, an email address that can receive reports, and 10 minutes.

Here's the record: Create a TXT record at _smtp._tls.yourdomain.com (replace yourdomain.com with your actual domain). The value is: v=TLSRPTv1; rua=mailto:tls-reports@yourdomain.com (use whatever email address you want reports sent to).

That's it. Once DNS propagates (usually within an hour), sending mail servers will start sending you daily JSON reports about TLS connection attempts to your domain.

A quick sanity check: Make sure the email address you chose can receive external mail. Some organizations block inbound email from automated services, so verify it works before assuming your TLS-RPT setup is broken.

Want to understand what's actually in those reports once they arrive? Start with the basics of what TLS-RPT does, then learn what data you'll be receiving.

Contributors

Who worked on this answer

Every name links to their profile. Every company links to their site. Real people, real accountability.

Ask an AI · tailored to your setup

Rewrite TLS-RPT setup instructions

I want to set up TLS-RPT on my domain your domain. My DNS provider is Cloudflare / Route 53 / Namecheap / other, my mail platform is Microsoft 365 / Google Workspace / self-hosted. Help me confirm the DNS record syntax and pick the right address to receive reports.

Edit the yellow boxes, then send to the AI of your choice.