What information is included in TLS reports?
Still have a question, spotted an error, or have a better explanation or a source we should cite?
When a sending mail server can't reach you over secure TLS, it packages up a report. Here's what's actually in that report:
The wins: Total number of successful TLS connections. If 10,000 connections succeeded, you know your certificate and configuration are working for most senders.
The problems: How many connections failed, broken down by reason. The report includes codes like certificate-expired, certificate-not-trusted, starttls-not-supported, and validation-failure. This tells you exactly where the friction is.
The details: The IP address of each sending server that failed, the time window covered (usually one day), and negotiation details. You get the source of the problem, not just that a problem exists.
Think of it like a daily health check for your mail server's TLS setup. You're not guessing why senders can't reach you anymore; the report shows you exactly what failed and why.
Ready to see these reports yourself? Here's how to set up TLS-RPT on your domain.
Contributors
Who worked on this answer
Every name links to their profile. Every company links to their site. Real people, real accountability.