Last updated: July 2026

In short: After this guide your domain at Netcup publishes a TLS-RPT record and receives daily reports on encrypted delivery.

Prerequisites

What is TLS-RPT?

TLS-RPT (SMTP TLS Reporting, RFC 8460) is a DNS TXT record under _smtp._tls.your-domain. Receiving servers send daily aggregate reports on TLS delivery to the address named there. It enforces nothing — it shows you whether your MTA-STS protection works.

Step-by-step guide

1. Set the report address

A TLS-RPT analysis service processes the JSON reports.

2. Create the TXT record in the CCP

In the CCP under Domains, click the magnifying glass icon next to the domain and switch to the DNS tab. Create:

FieldValue
Host_smtp._tls
TypeTXT
Destinationv=TLSRPTv1; rua=mailto:tlsrpt@beispiel.de

3. Together with MTA-STS

Combine TLS-RPT with MTA-STS at Netcup.

4. Wait until the change is live

DNS changes take a few hours depending on TTL.

Verify the result

Check your configuration with the free MXAudit scanner.

dig TXT _smtp._tls.example.com +short

Common mistakes

rua to a normal mailbox. Use an analysis service.

TLS-RPT without MTA-STS. It only reports; enforcement is delivered by MTA-STS.

Wrong hostname. _smtp._tls, not _mta-sts.

Further reading