Last updated: July 2026
In short: After this guide your domain at All-Inkl publishes a TLS-RPT record and gets daily reports on encrypted delivery.
Prerequisites
- An All-Inkl package with access to the KAS
- A destination for the reports (analysis service or mailbox)
What is TLS-RPT?
TLS-RPT (SMTP TLS Reporting, RFC 8460) is a DNS TXT record under _smtp._tls.your-domain. Receiving servers send daily aggregate reports on TLS delivery to the address named there. It enforces nothing — it shows you whether your MTA-STS protection works.
Step-by-step guide
1. Set the report address
A TLS-RPT analysis service processes the JSON reports.
2. Create the TXT record in the KAS
Log into the KAS (technical administration) and click Tools → DNS settings. Edit the domain and choose create new DNS entry:
| Field | Value |
|---|---|
| Name | _smtp._tls |
| Type | TXT |
| Data | v=TLSRPTv1; rua=mailto:tlsrpt@beispiel.de |
3. Together with MTA-STS
Combine TLS-RPT with MTA-STS at All-Inkl.
4. Wait until the change is live
DNS changes at All-Inkl can take up to 24 hours.
Verify the result
Check your configuration with the free MXAudit scanner.
dig TXT _smtp._tls.example.com +short
Common mistakes
rua to a normal mailbox. Use an analysis service for the machine-readable reports.
TLS-RPT without MTA-STS. It only reports; enforcement is delivered by MTA-STS.
Wrong hostname. _smtp._tls, not _mta-sts.
Further reading
- All-Inkl guide: DNS tools (retrieved: July 10, 2026)
- RFC 8460 — SMTP TLS Reporting
