Last updated: July 2026
In short: TLS-RPT (SMTP TLS Reporting) delivers automated diagnostic reports on failed email encryption handshakes. You set it up inside Hostinger hPanel under Domains in the DNS Zone by creating a TXT record on the
_smtp._tlssubdomain.
Prerequisites
- A domain managed through Hostinger
- Access to your Hostinger dashboard and hPanel (
https://hpanel.hostinger.com) - An email address or analytical dashboard ready to process compressed JSON reports
What is TLS-RPT?
TLS-RPT (SMTP TLS Reporting, defined in RFC 8460) is an auditing protocol for secure transport encryption between mail servers. When external mail services (like Gmail or Microsoft 365) connect to your mail server, they negotiate a TLS tunnel. If that handshake fails — whether due to expired certificates, misconfigurations, or active intercept attempts — TLS-RPT instructs the sending server to generate a detailed failure report and email it to you.
This diagnostic insight is vital when deploying strict security enforcement mechanisms such as MTA-STS or DANE, ensuring you maintain complete visibility over email delivery failures.
The starting point at Hostinger
You manage all DNS entries directly inside Hostinger’s custom control panel (Go to Domains in hPanel. Select your domain and open DNS Zone.).
To enable reporting, create a TXT record attached to the technical subdomain _smtp._tls. The canonical structure for a TLS reporting record is:
v=TLSRPTv1; rua=mailto:tls-reports@example.com
Step-by-step guide
1. Check whether a TLS-RPT policy already exists
Before adding new entries in hPanel, open your terminal to check if your domain currently publishes a TLS reporting policy:
dig TXT _smtp._tls.example.com +short
If the returned output starts with v=TLSRPTv1;, your domain already has a reporting record. If the response is blank, continue to create one.
2. Open the DNS Zone in hPanel
Log in to your Hostinger account (Go to Domains in hPanel. Select your domain and open DNS Zone.). Choose your domain from the list and open the DNS Zone section.
3. Add the TXT record for _smtp._tls
In your DNS records table, click to add a new record with the following values:
- Type: TXT
- Name / Host:
_smtp._tls - Value / Content:
v=TLSRPTv1; rua=mailto:tls-reports@example.com
(Replace tls-reports@example.com with the email inbox where you want to collect daily diagnostic reports).
Save your new DNS record.
The components of the TLS-RPT record
| Component | Meaning |
|---|---|
_smtp._tls | Dedicated subdomain namespace queried by connecting mail servers for reporting instructions |
v=TLSRPTv1 | Protocol version tag (must always be placed at the very start of the TXT string) |
rua=mailto:... | Target URI specifying where daily compressed JSON reports will be sent |
Verification
After saving the record inside Hostinger hPanel, immediately verify your setup using the free MXAudit scanner — check your TLS-RPT syntax and ensure your reporting endpoint is correctly configured.
You can also use your terminal to confirm that nameservers are serving the updated record:
dig TXT _smtp._tls.example.com +short
The output should match "v=TLSRPTv1; rua=mailto:tls-reports@example.com".
Common mistakes
- Creating the record on root (
@): If you place the TXT record on your main domain instead of the_smtp._tlssubdomain, external mail servers will not find your reporting policy. - Omitting the
mailto:scheme: Therua=attribute requires themailto:prefix directly before your email address. Missing this prefix makes the record invalid. - Using your personal work inbox: Reports arrive daily as compressed JSON/GZIP attachments. Use a dedicated reporting address or parsing service to prevent cluttering your primary inbox (
Go to Domains in hPanel. Select your domain and open DNS Zone.).
Further reading
- Hostinger Support — How to Set Up a Domain for Hostinger Email (retrieved: July 17, 2026)
- RFC 8460 — SMTP TLS Reporting (TLS-RPT)
