TrekMail TrekMail

Recommended DNS Records (TLSRPT, MTA-STS)

This guide explains Optional but recommended DNS records for extra security and reporting. so you can complete the TrekMail task with confidence.

Article details

Type, difficulty, plans, and last updated info.
Type
Reference
Difficulty
Beginner
Plans
Starter · Pro · Agency
Last updated
Dec 14, 2025

While MX, SPF, DKIM, and DMARC are mandatory for basic delivery, TrekMail recommends three additional records to tighten security and improve deliverability reporting. Adding these will remove the "Warning" status from your domain health.

Who this is for

  • Admins who want the highest security score.
  • Users seeing "Active (Warnings)" on their domain.

The Recommended Records

You will find these in the DNS & Health tab under the Recommended section.

Record Type Term Purpose
TLSRPT TXT TLS Reporting Asks other servers to report connection issues to us.
MTA-STS Policy TXT Mail Transfer Agent Strict Transport Security Announces that you support strict encryption.
MTA-STS Host CNAME (The hosted policy file) Points to the file that enforces encryption rules.

1. TLS Reporting (TLSRPT)

Host: _smtp._tls Value: v=TLSRPTv1; rua=mailto:tlsrpt@trekmail.net

This record tells senders like Google and Microsoft where to send reports if they have trouble connecting securely to your domain. TrekMail collects these reports to monitor your deliverability health.

2. MTA-STS (Strict Transport Security)

MTA-STS typically requires setting up a web server to host a policy file. TrekMail handles this for you via a CNAME record. You need two records for this to work:

The Policy ID (TXT)

Host: _mta-sts Value: v=STSv1; id=2025112401 This simply tells the world "I have a policy, and this is the current version ID."

The Policy Host (CNAME)

Host: mta-sts Value: mta-sts.trekmail.net This points the subdomain mta-sts.yourdomain.com to our servers, where we serve the required HTTPS policy file automatically.

Common mistakes & quick fixes

  • Symptom: Domain is "Active (Warnings)".
    • Cause: One or more of these recommended records is missing.
    • Fix: Add them to your DNS. They are not strictly required for mail flow, but they help reputation.
  • Symptom: CNAME Conflict on mta-sts.
    • Cause: You might have an old CNAME or A record for mta-sts.
    • Fix: Delete the old record and replace it with the one pointing to trekmail.net.
  • Symptom: TXT Hostname confusion.
    • Tip: Ensure your DNS provider doesn't require the full domain. Usually _mta-sts is enough. If you type _mta-sts.example.com, some providers might create _mta-sts.example.com.example.com.

See also

Related articles

Jump to nearby guides that continue the workflow.

Adding a Domain to TrekMail

How to add a domain in the Domains page and what each status means.

Read article

Setting Up a Catch-All Inbox

How to route unknown addresses to a single mailbox and when to use it.

Read article

Domain Email Stats (Last 30 Days)

How Sent, Delivered, Bounces, and Bounce Rate are calculated and displayed.

Read article

Removing a Domain from TrekMail

What happens when you delete a domain and how it affects mailboxes.

Read article

DNS Setup with Popular Providers

Short step-by-step DNS setup guides for registrars like Cloudflare, Namecheap, and GoDaddy.

Read article

Keep reading

Previous

Required DNS Records (MX, SPF, DKIM, DMARC)

Mandatory DNS records with explanations and examples.

Next

Checking DNS Status and Verifying a Domain

How “Last checked”, status badges, and the Verify DNS button work.

We use cookies for essential functionality. No ads, no tracking pixels.

Welcome to TrekMail

Continue with Google
Or continue with email
Continue with Google
Or register with email

Reset email sent

If an account exists for this email, we've sent password reset instructions.

By continuing, you agree to TrekMail's Terms and Privacy Policy.