No TLS Reporting from Google

I setup MTA-STS and TLS-RPT on several domains so I could test TLS Reports in DMARCian. 2 domains use Microsoft Exchange server for mail. I am receiving TSL-RPT reports from them. 2 domains use Google Suite for mail. I receive no reports at all from Google.

I thought Google supported TLS-RPT… Has anyone else experienced this?

Hi Bill,

I have tested this myself with my domain, and I have not experienced any issues receiving reports from Google. However I am somewhat confused by your comment stating 2 domains use Google. Are you stating you sent emails from one of your Google domain to another, and did not receiver Google reports?

-AM

To clarify, I am referring to the TLS Manager, which is marked as Beta on my DMARCian control panel, not normal DMARC reports.

The 2 domains that use Microsoft Exchange have sent thousands of TLS-RPT messages, which have populated the TLS Reporting tab. This indicates the number of successful or failed TLS connections to the MX server following my MTA-STS policy.

The 2 domains that use Google Suite have not sent an single TLS-RPT message according to the the reporting tab.

Thank you for your response. I did understand what you meant. My confusion stems from the fact TLS Reports are sent by organizations that deliver to your domain. Also I assume you mean hosted Exchange (Exchange Online, or 365) as on premise exchange has no TLS-RPT capabilities. I am attempting to confirm that the behaviour your are expecting of TLS reporting is in fact correct in line with the TLS-RPT specification.

I’m still trying to learn about this too, so I may not be explaining this properly.

The domains using Exchange servers are receiving the most TLSRPT reports.
One domain is using the hybrid on-premise/online Exchange server. The other is just online/365. Those domains immediately started receiving TLS reports on DMARCian as soon as I setup my MTA-STS policy and TLS reporting.

My understanding was that Google products supported MTS-STS from April 2019. So I was surprised that I was not receiving any reports from those domains using Google Suite. However, after 20 days or so, I am starting to see a few reports from those domains now as well.

However, as you say, the TLS reports are from senders attempting to connect to your SMTP, so the mail server of the destination domain may not be the factor I should be looking at.

I believe with your explanation that you are likely on the correct course of deduction. I would surmise at this point that your domains hosted on Google are likely not receiving as much emails from sender that support sending of TLS Reporting. As long as you receive some, then your policy is unlikely to be the culprit, but much more likely the lack of adoption by senders to these domains.