Last updated: July 2026
In short: After this guide your domain at IONOS publishes a TLS-RPT record, so receiving servers report to you daily on the success or failure of encrypted delivery.
Prerequisites
- A domain at IONOS with access to the DNS settings (login.ionos.de)
- A destination for the reports (analysis service or mailbox)
What is TLS-RPT?
TLS-RPT (SMTP TLS Reporting, RFC 8460) is a DNS TXT record under _smtp._tls.your-domain. It names an address to which receiving mail servers send daily aggregate reports on TLS delivery. TLS-RPT itself enforces nothing — it makes visible whether your MTA-STS protection works in practice.
The starting point at IONOS
TLS-RPT is a completely normal TXT record — IONOS offers no dedicated switch for it, you create it yourself in DNS management. That’s done in five minutes.
Step-by-step guide
1. Set the report address
Choose a destination for the JSON reports — ideally a TLS-RPT analysis service.
2. Create the TXT record
Sign in and go via Menu → Domains & SSL to your domain. Next to the domain, click the three dots and then DNS, then the Add record button in DNS management. Choose TXT and enter:
| Field | Value |
|---|---|
| Type | TXT |
| Hostname | _smtp._tls |
| Value | v=TLSRPTv1; rua=mailto:tlsrpt@beispiel.de |
3. Together with MTA-STS
Set up MTA-STS at IONOS in parallel — then MTA-STS enforces encryption and TLS-RPT reports to you whether it succeeds.
4. Wait until the change is live
DNS changes take a few hours depending on TTL.
Verify the result
Check your configuration with the free MXAudit scanner — it shows TLS-RPT together with MTA-STS and transport encryption.
dig TXT _smtp._tls.example.com +short
Common mistakes
rua to a normal mailbox. The reports are machine-readable — use an analysis service.
TLS-RPT without MTA-STS. TLS-RPT only reports; enforcement is delivered by MTA-STS.
Wrong hostname. _smtp._tls, not _mta-sts.
Further reading
- IONOS Help: DNS settings (Add record) (retrieved: July 10, 2026)
- RFC 8460 — SMTP TLS Reporting
