SMTP TLS Reporting
What is SMTP TLS Reporting?
SMTP TLS Reporting is about receiving reports from the internet regarding possible connection security issues that servers experience when connecting to your inbound email systems.
Due to the open structure of the SMTP protocol, the connections between SMTP servers are susceptible to SMTP TLS downgrade attacks. The benefit of SMTP TLS reports is that it enables organizations to gain visibility and start enforcing TLS connection security via additional security standards like DNS-Based Authentication of Named Entities (DANE) & Mail Transfer Agent Strict Transport Security (MTA-STS).
What are the benefits of SMTP TLS Reporting?
- Gain visibility into
- Successful and unsuccessful TLS connections
- Man in The Middle (MiTM) attacks (certificate mismatch)
- Expired certificates
- Servers not answering
- Certificates not validating against Certificate Authorities (CA)
- Ability to implement next-generation SMTP transport security protocols: DANE for SMTP & SMTP MTA-STS
How to set up SMTP TLS Reporting
Every dmarcian account has a unique SMTP TLS reporting address for sending reports. To find the reporting email address, login to your account, click on the username in the top right corner, and go to the Preferences page. The SMTP TLS Reporting Address is published under Account Details.
Now you can publish the following DNS TXT record on every domain that receives messages (has a DNS MX record) that you would like to set up monitoring:
CONTENT:”v=TLSRPTv1; rua=mailto:<TLS Reporting Address>“
Note: Your DNS Provider may only need you to specify
_smtp._tls as they may provide the the
example.org for you; check with your DNS provider.
How to view SMTP TLS Reporting
Our TLS Reporting interface is designed very similarly to that of our Detail Viewer. It allows you to filter your mail flow to a specific problem area to access the data you need to make policy implementation decisions.
To use the TLS Reporting feature, login to your dmarcian account and click on “TLS Manager” in the top right of the interface then select “TLS Reporting” from the drop-down.
dmarcian provides reporting and tooling to help you maintain visibility on your journey to improving the security of your email. We have reporting to accept TLS reports and inspector tools to be sure you have your records set up properly.
If you’re interested in trying out our capabilities reach out to our team or start a trial with no strings attached.
Want to continue the conversation? Head over to the dmarcian Forum.