Detect email misconfigurations
before they cause delivery failures
TLS-RPT monitoring and MTA-STS hosting give you visibility into encrypted mail delivery — know when TLS fails, when certificates expire, and when connections are downgraded.
TLS connection reports,
visualized
TLS-RPT (TLS Reporting) is a standard that lets receiving mail servers send you reports about TLS connection successes and failures. Without it, you have no way to know when email encryption is breaking down between servers.
DMARC Report collects, parses, and visualizes these reports so you can quickly identify which connections are failing and why — certificate issues, protocol mismatches, or configuration errors.
TLS is attempted but failures are allowed. Reports are collected to identify issues before enforcing.
Receiving servers must use TLS. Connections without encryption are rejected, protecting mail in transit.
No MTA-STS policy published. Connections may or may not use TLS depending on the receiving server.
Enforce TLS encryption
on inbound email
MTA-STS (Mail Transfer Agent Strict Transport Security) tells sending servers that your domain requires TLS encryption for email delivery. Without it, connections can silently fall back to unencrypted transmission.
MTA-STS requires hosting a policy file at a specific HTTPS URL on your domain. DMARC Report handles this hosting for you — no need to configure a web server or manage certificates.
- Policy file hosted and managed automatically
- No separate web server or certificate required
- Start in testing mode, move to enforce when ready
- Works alongside DANE for maximum protection
MTA-STS in three steps
We host your MTA-STS policy file
DMARC Report hosts the required .well-known/mta-sts.txt file on your behalf. No need to configure a separate web server for your domain.
Receiving servers check the policy
When a server receives email for your domain, it looks up your MTA-STS policy to determine whether TLS is required for delivery.
Connections without TLS are rejected
In enforce mode, servers that cannot establish a TLS connection will not deliver the email, protecting your messages from interception.
What we detect
TLS-RPT and MTA-STS monitoring surfaces problems that are otherwise completely invisible — issues that silently break encryption or block delivery.
Delivery failures
Identify when legitimate email cannot be delivered due to TLS negotiation problems between mail servers.
Encryption issues
Detect connections falling back to unencrypted transmission, exposing email content to interception.
Policy violations
Know when receiving servers ignore your MTA-STS policy and establish connections that violate your encryption requirements.
Certificate problems
Get alerted about expired, mismatched, or untrusted TLS certificates that prevent secure mail delivery.
Downgrade attacks
Detect when a man-in-the-middle strips TLS from connections, attempting to intercept email content in transit.
Configuration drift
Monitor your MTA-STS policy file and TLS-RPT DNS records for unexpected changes that could weaken your posture.
Get visibility into TLS delivery
Start your free trial — enable TLS-RPT monitoring and MTA-STS hosting in minutes.
Start Free TrialWhat Teams Say About Our Monitoring
Rated 4.8/5 on G2 · 469 verified reviews
Zunaid K.
Director
"Essential tool for email delivery"
This tool helps us to implement DMARC reporting for our domains in an easy to use manner.
Verified User in Information Technology and Services
"Best security tool for your own domains"
The weekly reports help me a lot to analyze quickly the emails sent from my domains and that gives me peace of mind.
Larry H.
Research & Development Manager
"Good tool to buy"
I have used many tools for monitoring DMARC reports. But DMARC Report is a good tool to use. It helps avoid sending emails to spam.