How does TLS-RPT work with MTA-STS?

TLS RPT defined in RFC 8460 and MTA STS defined in RFC 8461 were designed as companion standards. You cannot safely move to enforce mode in MTA STS without first using TLS RPT reports from testing mode to find and fix failures.

TLS RPT reports failures or misconfigurations in your MTA STS deployment. It helps diagnose encryption problems so you can fix them before they block mail.

Some senders also use TLS RPT without full MTA STS enforcement simply to monitor the health of their TLS connections, but the reports are most valuable when you have an active MTA STS policy.