Checks are an essential DMARCwise feature that help you discover issues with your TLSRPT configuration.

It evaluates the adherence of the configuration to standards and best practices, to ensure best compatibility and interoperability.

You can see checks results in the dashboard, by choosing a domain and then selecting the TLSRPT overview tab.

Checks

Checks is a feature that helps you identify potential issues and misconfigurations with your domain. It focuses on industry best practices and tries to highlight improvements that could be applied to the domain’s configuration.

We scan your domain to identify the issues hourly, or whenever a change (like a new TLSRPT record) is detected. When you make changes to your domain’s configuration, allow some time for the checks to refresh.

Here’s and example of how checks results look like:

TLSRPT checks list

How it works

Each check tells you what the scanner expected according to standards and best practises, and the colored icon signals whether the expectation was met.

The status of each check can either be:

  • Ok → no action needed.
  • Warning → a potential issue was detected and attention is needed.
  • Error → an invalid configuration was detected and it must be fixed as soon as possible. TLSRPT won’t work properly if you don’t fix this.
  • Suggestion → it’s a best practice to enable or configure the specified feature.
  • Not applicable → some checks aren’t always applicable, for example if there’s no TLSRPT record the other checks will be disabled.

List of TLSRPT checks

We currently perform the following DMARC checks:

  • TLSRPT should be configured.
  • There must be only a single TLSRPT record. Multiple records are an invalid configuration that prevents TLSRPT from working.
  • TLS reports should be delivered to DMARCwise.
  • There should be only one address in the rua tag of the TLSRPT record for best compatibility. Some providers don’t support multiple delivery locations and only take the first.