What is SMTP TLS Reporting?

SMTP TLS Reporting is about receiving reports from the internet regarding possible connection security issues that servers experience when connecting to your inbound email systems.

Due to the open structure of the SMTP protocol, the connections between SMTP servers are susceptible to SMTP TLS downgrade attacks. The benefit of SMTP TLS reports is that it enables organizations to gain visibility and start enforcing TLS connection security via additional security standards like DNS-Based Authentication of Named Entities (DANE) & Mail Transfer Agent Strict Transport Security (MTA-STS).

What are the benefits of SMTP TLS Reporting?

  • Gain visibility into 
    • Successful and unsuccessful TLS connections
    • Man in The Middle (MiTM) attacks (certificate mismatch)
    • Expired certificates
    • Servers not answering
    • Certificates not validating against Certificate Authorities (CA)
  • Ability to implement next-generation SMTP transport security protocols: DANE for SMTP & SMTP MTA-STS

How To Set Up SMTP TLS Reporting

Every dmarcian account has a unique SMTP TLS reporting address for sending reports. To find the reporting email address, login to your account, click on the username in the top right corner, and go to the Preferences page. The SMTP TLS Reporting Address is published under Account Details.

Now you can publish the following DNS TXT record on every domain that receives messages (has a DNS MX record) that you would like to set up monitoring:

NAME:_smtp._tls.<example.org>
TYPE: TXT
CONTENT:”v=TLSRPTv1; rua=mailto:<TLS Reporting Address>

How To View SMTP TLS Reporting

Our TLS Reporting interface is designed very similarly to that of our Detail Viewer. It allows you to filter your mail flow to a specific problem area to access the data you need to make policy implementation decisions.

To use the TLS Reporting feature, login to your dmarcian account and click on “TLS Manager” in the top right of the interface then select “TLS Reporting” from the drop-down.

dmarcian's TLS Reporting interface

dmarcian provides reporting and tooling to help you maintain visibility on your journey to improving the security of your email. We have reporting to accept TLS reports and inspector tools to be sure you have your records set up properly. If you’re interested in trying out our capabilities reach out to our team via the chat or start a trial.

Want to continue the conversation? Head over to the dmarcian Forum