Checks and Validation issues are two essential DMARCwise feature that help you discover issues with your TLSRPT configuration and DNS record.

They evaluate the adherence of the configuration to standards and best practices, to ensure best compatibility and interoperability.

You can see checks results and the validation status in the dashboard, by choosing a domain and then selecting the TLSRPT overview tab.

Checks

Checks is a feature that helps you identify potential issues and misconfigurations with your domain. It focuses on industry best practices and tries to highlight improvements that could be applied to the domain’s configuration.

We scan your domain to identify the issues hourly, or whenever a change (like a new TLSRPT record) is detected. When you make changes to your domain’s configuration, allow some time for the checks to refresh.

Here’s and example of how checks results look like:

TLSRPT checks list

How it works

Each check tells you what the scanner expected according to standards and best practices, and the colored icon signals whether the expectation was met.

The status of each check can either be:

  • Ok → no action needed.
  • Warning → a potential issue was detected and attention is needed.
  • Error → an invalid configuration was detected and it must be fixed as soon as possible. TLSRPT won’t work properly if you don’t fix this.
  • Suggestion → it’s a best practice to enable or configure the specified feature.
  • Not applicable → some checks aren’t always applicable, for example if there’s no TLSRPT record the other checks will be disabled.

List of TLSRPT checks

We currently perform the following DMARC checks:

  • TLSRPT should be configured.
  • There must be only a single TLSRPT record. Multiple records are an invalid configuration that prevents TLSRPT from working.
  • TLSRPT record must be syntactically valid
  • TLS reports should be delivered to DMARCwise.
  • Prefer using only one address in the rua tag of the TLSRPT record for best compatibility. Since some providers only deliver reports to the first listed address, additional destinations may not receive any reports.

Record validation

We scan all TLSRPT records through our TLSRPT record parser, which is capable of analyzing the syntax to identify issues that could prevent TLS reporting from working properly with mail servers.

Here’s an example of how the validation issues list looks like:

TLSRPT record validation issues list example

We validate the record to make sure that:

  • No leading whitespace is present.
  • Reporting URI (rua) is present.
  • All URIs are correctly formatted.
  • All field names are valid.
  • No duplicate fields are found.
  • No misplaced URIs are detected.
  • No invalid spacing (e.g. around the = signs) is detected.