Last updated: July 2026

In short: TLS-RPT (SMTP TLS Reporting) delivers automated diagnostic reports on failed email encryption handshakes. You set it up inside Hostinger hPanel under Domains in the DNS Zone by creating a TXT record on the _smtp._tls subdomain.

Prerequisites

  • A domain managed through Hostinger
  • Access to your Hostinger dashboard and hPanel (https://hpanel.hostinger.com)
  • An email address or analytical dashboard ready to process compressed JSON reports

What is TLS-RPT?

TLS-RPT (SMTP TLS Reporting, defined in RFC 8460) is an auditing protocol for secure transport encryption between mail servers. When external mail services (like Gmail or Microsoft 365) connect to your mail server, they negotiate a TLS tunnel. If that handshake fails — whether due to expired certificates, misconfigurations, or active intercept attempts — TLS-RPT instructs the sending server to generate a detailed failure report and email it to you.

This diagnostic insight is vital when deploying strict security enforcement mechanisms such as MTA-STS or DANE, ensuring you maintain complete visibility over email delivery failures.

The starting point at Hostinger

You manage all DNS entries directly inside Hostinger’s custom control panel (Go to Domains in hPanel. Select your domain and open DNS Zone.).

To enable reporting, create a TXT record attached to the technical subdomain _smtp._tls. The canonical structure for a TLS reporting record is:

v=TLSRPTv1; rua=mailto:tls-reports@example.com

Step-by-step guide

1. Check whether a TLS-RPT policy already exists

Before adding new entries in hPanel, open your terminal to check if your domain currently publishes a TLS reporting policy:

dig TXT _smtp._tls.example.com +short

If the returned output starts with v=TLSRPTv1;, your domain already has a reporting record. If the response is blank, continue to create one.

2. Open the DNS Zone in hPanel

Log in to your Hostinger account (Go to Domains in hPanel. Select your domain and open DNS Zone.). Choose your domain from the list and open the DNS Zone section.

3. Add the TXT record for _smtp._tls

In your DNS records table, click to add a new record with the following values:

  • Type: TXT
  • Name / Host: _smtp._tls
  • Value / Content:
    v=TLSRPTv1; rua=mailto:tls-reports@example.com

(Replace tls-reports@example.com with the email inbox where you want to collect daily diagnostic reports).

Save your new DNS record.

The components of the TLS-RPT record

ComponentMeaning
_smtp._tlsDedicated subdomain namespace queried by connecting mail servers for reporting instructions
v=TLSRPTv1Protocol version tag (must always be placed at the very start of the TXT string)
rua=mailto:...Target URI specifying where daily compressed JSON reports will be sent

Verification

After saving the record inside Hostinger hPanel, immediately verify your setup using the free MXAudit scanner — check your TLS-RPT syntax and ensure your reporting endpoint is correctly configured.

You can also use your terminal to confirm that nameservers are serving the updated record:

dig TXT _smtp._tls.example.com +short

The output should match "v=TLSRPTv1; rua=mailto:tls-reports@example.com".

Common mistakes

  • Creating the record on root (@): If you place the TXT record on your main domain instead of the _smtp._tls subdomain, external mail servers will not find your reporting policy.
  • Omitting the mailto: scheme: The rua= attribute requires the mailto: prefix directly before your email address. Missing this prefix makes the record invalid.
  • Using your personal work inbox: Reports arrive daily as compressed JSON/GZIP attachments. Use a dedicated reporting address or parsing service to prevent cluttering your primary inbox (Go to Domains in hPanel. Select your domain and open DNS Zone.).

Further reading