secure email powerdmarc

TLS Reporting – Find Email Delivery Issues with Pinpoint Accuracy with SMTP TLS Reporting

Leverage TLS reporting to maximize visibility on your domain and boost deliverability

What is SMTP TLS Reporting?

  • TLS Reporting (TLS-RPT) is a standard for reporting email delivery issues that occur when an email isn’t encrypted with TLS. It supports the MTA-STS protocol which is used to guarantee that any email sent to your domain gets TLS encrypted.

  • TLS encryption ensures that every email sent to you gets delivered securely. However, an attacker might attempt an SMTP downgrade, a type of attack where the email gets sent to you without being encrypted, allowing them to read or tamper with the contents. MTA-STS combats this by making it necessary for all emails to be encrypted before being sent to you. If an attacker tries to perform an SMTP downgrade, the email will not be sent at all.

  • TLS-RPT makes it possible for you, the domain owner, to receive reports on every email that doesn’t get encrypted and fails to be sent to you. You can then identify the source of the problem and fix your delivery issues.

Secure your entire email channel

How Does TLS-RPT Work?

  • TLS reporting (TLS-RPT) is used to support the MTA-STS protocol, which ensures emails are encrypted before being delivered. Normally, your email server or Mail Transfer Agent (MTA) negotiates with the receiving server to see if it supports the STARTTLS command. If it does, the email gets encrypted with TLS and gets delivered to the receiving MTA.

  • An attacker might attempt an SMTP downgrade attack at this point, which involves blocking the negotiation between the sending and receiving MTAs. The sending server thinks the receiver doesn’t support the STARTTLS command and sends the email without TLS encryption, allowing the attacker to view or tamper with the email’s contents.

  • When you implement MTA-STS in your domain, it makes it mandatory for your sending server to always encrypt messages before sending them. If an attacker attempts an SMTP downgrade attack, the email will simply not be sent. This ensures TLS encryption on all your emails without fail.

  • TLS reporting (TLS-RPT) is a protocol that will notify you, the domain owner when emails sent through your domain face issues with delivery. If an email fails to be sent due to an SMTP downgrade or some other issue, you will receive a report in a JSON file format containing the details of the email that failed. This report does not contain the contents of the email.

Why Do You Need SMTP TLS-RPT?

  • Mandatory TLS encryption

    MTA-STS protects your email against SMTP downgrade

  • Receive feedback reports

    If a message fails to be sent, you’ll get notified with TLS-RPT.

  • Total visibility of email channels

    Know everything that’s going on in your domain

  • Eliminate delivery issues

    Identify the source of the problem with and fix it with zero delay

Secure your entire email channel

How Does PowerDMARC Make TLS-RPT Better?

PowerDMARC’s TLS-RPT experience is all about improving your security while making your life easier with a hosted service.

Translated TLS Reports

Complex JSON reports for TLS-RPT are converted to simplified information you can skim through in seconds or read in detail

Auto-detect issues

The PowerDMARC platform automatically pinpoints the issue you’re facing so you can resolve it without wasting time

TLS-RPTUnderstand your email channels like never before