check_tlsrpt
Check SMTP TLS Reporting (TLS-RPT) configuration by querying _smtp._tls. and validating the reporting destination URI (mailto: or https:). Flags missing, duplicate, or invalid records to monitor TLS delivery failures.
Instructions
Check whether a domain has SMTP TLS Reporting (TLS-RPT) configured. Queries _smtp._tls. for the v=TLSRPTv1 record and validates its reporting destination (rua= mailto:/https:), flagging a missing record, duplicate records, or an invalid/absent reporting URI. Complements MTA-STS by giving visibility into TLS delivery failures. Part of the scan_domain audit.
Input Schema
| Name | Required | Description | Default |
|---|---|---|---|
| domain | Yes | Domain to check (e.g., example.com) | |
| format | No | Output verbosity. Auto-detected if omitted. | |
| force_refresh | No | Bypass cache and run a fresh check. Useful after DNS changes. |
Output Schema
| Name | Required | Description | Default |
|---|---|---|---|
| score | Yes | ||
| passed | Yes | ||
| category | Yes | ||
| findings | Yes |