

Detect issues in email delivery at a speedy pace with PowerDMARC’s SMTP TLS Reporting


What Is TLS-RPT?

SMTP TLS Reporting (TLS-RPT) is a standard that lets applications that send email report the TLS connectivity issues they experience, so that misconfigurations can be detected. It enables the reporting of email delivery issues that take place when an email isn’t encrypted with TLS. The standard was first documented in RFC 8460 in September 2018.

How Can PowerDMARC Help You?

TLS reports are generated as JSON files. PowerDMARC makes your life easier by making the implementation of SMTP TLS Reporting quick and easy, at your fingertips!

  • TLS-RPT is fully integrated into the PowerDMARC security suite, so as soon as you sign up with PowerDMARC and enable SMTP TLS Reporting for your domain, we take on the pain of converting the JSON files containing your reports of email delivery issues into simple, readable documents that you can go through and understand with ease!

  • On the PowerDMARC platform, TLS-RPT aggregate reports are generated in two formats for ease of use, better insight, and enhanced user experience:

    Aggregate Reports Per Result

    Aggregate Reports Per Sending Source

  • Moreover, PowerDMARC’s platform automatically detects and conveys the issues you are facing, so that you can address and resolve them in no time!

How Does TLS-RPT Work?

  • TLS-RPT is enabled to support the MTA-STS protocol, which ensures that all emails addressed to your domain are TLS encrypted. The sending email server, or Mail Transfer Agent (MTA), communicates with the receiving server to determine whether it supports the STARTTLS command. If it does, the email is encrypted with TLS and delivered to the receiving MTA.

  • Without MTA-STS, an attacker may initiate a man-in-the-middle (MITM) TLS downgrade attack, replacing or deleting the STARTTLS command so that the email is sent to the receiving server in cleartext, without TLS encryption. This leaves room for the cybercriminal to view and tamper with the content of the email.

  • Implementing MTA-STS requires sending servers to always send emails to your domain over an encrypted connection, so that even if an attacker launches a downgrade attack, the email is not sent at all rather than being sent in cleartext.

  • TLS-RPT then comes into play by providing the domain owner with diagnostic reports (in JSON format) that give detailed information on emails addressed to the domain that are facing delivery issues or couldn’t be delivered due to a downgrade attack or other issues, so that the problem can be fixed proactively.
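
An added example (not PowerDMARC's code) of how a JSON report of the kind described above can be reduced to per-result and per-sending-source views. Field names follow RFC 8460; the `summarize` function, its output keys and every value in the sample report are constructed for illustration.

```python
import json
from collections import Counter

# Constructed sample report using RFC 8460 field names; all values are made up.
SAMPLE_REPORT = json.dumps({
    "organization-name": "Sender Example Inc.",
    "date-range": {"start-datetime": "2024-01-01T00:00:00Z",
                   "end-datetime": "2024-01-01T23:59:59Z"},
    "contact-info": "tlsrpt@sender.example",
    "report-id": "constructed-0001",
    "policies": [{
        "policy": {"policy-type": "sts", "policy-domain": "example.com"},
        "summary": {"total-successful-session-count": 5326,
                    "total-failure-session-count": 303},
        "failure-details": [
            {"result-type": "starttls-not-supported", "sending-mta-ip": "192.0.2.10",
             "receiving-mx-hostname": "mx1.example.com", "failed-session-count": 200},
            {"result-type": "certificate-expired", "sending-mta-ip": "192.0.2.10",
             "receiving-mx-hostname": "mx2.example.com", "failed-session-count": 100},
            {"result-type": "starttls-not-supported", "sending-mta-ip": "198.51.100.7",
             "receiving-mx-hostname": "mx1.example.com", "failed-session-count": 3},
        ],
    }],
})

def summarize(report_json):
    """Aggregate failed sessions per result type and per sending MTA IP."""
    report = json.loads(report_json)
    per_result, per_source = Counter(), Counter()
    ok = failed = 0
    starttls_missing = set()  # MX hosts where the sender saw no STARTTLS offer
    for entry in report.get("policies", []):
        summary = entry.get("summary", {})
        ok += summary.get("total-successful-session-count", 0)
        failed += summary.get("total-failure-session-count", 0)
        # failure-details is optional: a report with no failures omits it.
        for detail in entry.get("failure-details", []):
            count = detail.get("failed-session-count", 0)
            per_result[detail.get("result-type", "unknown")] += count
            per_source[detail.get("sending-mta-ip", "unknown")] += count
            if detail.get("result-type") == "starttls-not-supported":
                starttls_missing.add(detail.get("receiving-mx-hostname", "unknown"))
    return {"successful": ok, "failed": failed,
            "per_result": dict(per_result), "per_source": dict(per_source),
            "starttls_missing_mx": sorted(starttls_missing)}

if __name__ == "__main__":
    print(json.dumps(summarize(SAMPLE_REPORT), indent=2))
```

A `starttls-not-supported` entry for an MX host that does offer STARTTLS is the result worth investigating first, since that is how a stripped STARTTLS command appears to the sending server.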

Learn more with the help of our detailed guide on TLS-RPT.