Skip to content

TLS-RPT Reports Overview

The TLS-RPT report interface displays all of the reports collected from service providers who send TLS-RPT reports, aggregated across all of your domains. You can set up TLS-RPT & MTA-STS in the TLS-RPT Settings page.

While TLS-RPT is relatively new, not many companies will send these reports. However, certain providers do send these if TLS-RPT configuration is properly configured.

Filters

All data on the interface is filtered by:

  • Domains – A multiselect dropdown lets you choose one or more domains to report on. Domains you have marked as primary are shown with a star icon. By default the filter is pre-set to your active or primary domain; clear the selection to view combined reports for all domains on the account.
  • Date Range – Select the date range for received reports.

Note: If none of your domains have received any TLS-RPT reporting data yet, a "No Reporting Data Available" message is shown with a link to manage your domains.

Summary Cards

Three summary cards give a quick snapshot of TLS reporting health for the selected domains and date range.

Domains

Shows the number of domains actively reporting against the total number of domains, with a doughnut chart of DMARC policy status (Enforce, Testing, None). Click View Domains to go to the Domains module.

Timeline

Shows the total number of successful and failed TLS sessions over the selected date range, with a bar chart comparing successes and failures per day.

Top Failure Type

Shows a doughnut chart breaking down failed sessions by result type, with a legend listing each failure type and its count. If no failures occurred in the selected period, a success message is shown instead.

Reports

The reports table lists TLS sessions grouped by either Reporter or Domain. Use the toggle above the table to switch between the two groupings.

ColumnDescription
Domain / ReporterThe domain or reporting organisation, depending on the selected grouping. Domain rows show the domain's avatar, a copy button, and a shortcut to its DMARC settings.
SuccessfulTotal number of successful TLS sessions
FailedTotal number of failed TLS sessions
TotalCombined successful and failed sessions
(bar)A percentage bar visualising the split between successful and failed sessions

Click the expand arrow on any row with failures to view the individual reports behind it. Use the search bar in the expanded view to filter by IP, MX hostname, or reporter.

The expanded report list displays:

  • Domain – the domain the report applies to (shown when grouped by reporter)
  • Reporter – the service provider that sent the report (shown when grouped by domain)
  • Date – the date the report period ended
  • Policy Type – the policy discovered for the connection: TLS, STS, or Not found
  • Result Type – the specific TLS failure reason (for example, Certificate Expired, DANE Required, STARTTLS Not Supported)
  • Sending MTA IP – the IP address of the sending mail server, with a copy button
  • Receiving MX – the receiving mail server hostname, with a copy button
  • Receiving IP – the receiving server's IP address, with a copy button
  • Failed – the number of failed sessions in the report
  • Reason – the failure reason code returned by the reporter