Last updated: July 2026
In short: After this guide your domain at domainfactory publishes a TLS-RPT record and receives daily reports on encrypted delivery.
Prerequisites
- A domainfactory account with access to the customer menu
- A destination for the reports (analysis service or mailbox)
What is TLS-RPT?
TLS-RPT (SMTP TLS Reporting, RFC 8460) is a DNS TXT record under _smtp._tls.your-domain. Receiving servers send daily aggregate reports on TLS delivery to the address named there. It enforces nothing — it shows you whether your MTA-STS protection works. TLS-RPT is exactly the kind of service TXT entries at domainfactory are meant for: “using new services at the nameserver level for which no dedicated entry type is available”.
Step-by-step guide
1. Set the report address
A TLS-RPT analysis service processes the JSON reports.
2. Create the TXT record
In the customer menu, on the left under Domain, click Nameserver settings. Select the domain via Edit and create an entry:
| Field | Value |
|---|---|
| Type | TXT |
| Hostname | _smtp._tls |
| Value | v=TLSRPTv1; rua=mailto:tlsrpt@beispiel.de |
3. Together with MTA-STS
Combine TLS-RPT with MTA-STS at domainfactory.
4. Wait until the change is live
DNS changes take a few hours depending on TTL.
Verify the result
Check your configuration with the free MXAudit scanner.
dig TXT _smtp._tls.example.com +short
Common mistakes
rua to a normal mailbox. Use an analysis service.
TLS-RPT without MTA-STS. It only reports; enforcement is delivered by MTA-STS.
Wrong hostname. _smtp._tls, not _mta-sts.
Further reading
- domainfactory FAQ: Nameserver settings (German) (retrieved: July 10, 2026)
- RFC 8460 — SMTP TLS Reporting
