TLS-RPT Reports Overview
The TLS-RPT report interface displays all of the reports collected from service providers who send TLS-RPT reports, aggregated across all of your domains. You can set up TLS-RPT & MTA-STS in the TLS-RPT Settings page.
While TLS-RPT is relatively new, not many companies will send these reports. However, certain providers do send these if TLS-RPT configuration is properly configured.
Filters
All data on the interface is filtered by:
- Domains – A multiselect dropdown lets you choose one or more domains to report on. Domains you have marked as primary are shown with a star icon. By default the filter is pre-set to your active or primary domain; clear the selection to view combined reports for all domains on the account.
- Date Range – Select the date range for received reports.
Note: If none of your domains have received any TLS-RPT reporting data yet, a "No Reporting Data Available" message is shown with a link to manage your domains.
Summary Cards
Three summary cards give a quick snapshot of TLS reporting health for the selected domains and date range.
Domains
Shows the number of domains actively reporting against the total number of domains, with a doughnut chart of DMARC policy status (Enforce, Testing, None). Click View Domains to go to the Domains module.
Timeline
Shows the total number of successful and failed TLS sessions over the selected date range, with a bar chart comparing successes and failures per day.
Top Failure Type
Shows a doughnut chart breaking down failed sessions by result type, with a legend listing each failure type and its count. If no failures occurred in the selected period, a success message is shown instead.
Reports
The reports table lists TLS sessions grouped by either Reporter or Domain. Use the toggle above the table to switch between the two groupings.
| Column | Description |
|---|---|
| Domain / Reporter | The domain or reporting organisation, depending on the selected grouping. Domain rows show the domain's avatar, a copy button, and a shortcut to its DMARC settings. |
| Successful | Total number of successful TLS sessions |
| Failed | Total number of failed TLS sessions |
| Total | Combined successful and failed sessions |
| (bar) | A percentage bar visualising the split between successful and failed sessions |
Click the expand arrow on any row with failures to view the individual reports behind it. Use the search bar in the expanded view to filter by IP, MX hostname, or reporter.
The expanded report list displays:
- Domain – the domain the report applies to (shown when grouped by reporter)
- Reporter – the service provider that sent the report (shown when grouped by domain)
- Date – the date the report period ended
- Policy Type – the policy discovered for the connection: TLS, STS, or Not found
- Result Type – the specific TLS failure reason (for example, Certificate Expired, DANE Required, STARTTLS Not Supported)
- Sending MTA IP – the IP address of the sending mail server, with a copy button
- Receiving MX – the receiving mail server hostname, with a copy button
- Receiving IP – the receiving server's IP address, with a copy button
- Failed – the number of failed sessions in the report
- Reason – the failure reason code returned by the reporter
Related Topics
- What is TLS-RPT? - Introduction to TLS-RPT and its purpose
- How Does TLS-RPT Work? - Technical details about TLS-RPT operation
- Why is TLS-RPT Important? - Benefits and significance of TLS-RPT
- TLS-RPT Reporting - Understanding TLS-RPT reporting
- TLS-RPT Settings - Configure TLS-RPT Settings
- Domains - View and manage all domains in your account
- Failure Reports - Related DMARC failure reporting