Knowledge Base

Can I set FCrDNS, TLS-RPT and MTA-STS records in Plesk?

 
dnsdns statisticsdomain nameemailemail security

Question

  • What are FCrDNS, TLS-RPT and MTA-STS records used for?
  • Can I set FCrDNS, TLS-RPT and MTA-STS records in Plesk?

Answer

Such records are not supported for automatic provisioning by Plesk yet, however such a feature request already exists and can be viewed on the following link:

Deploy MTA Strict Transport Security – Your Ideas for Plesk

Top-rated feature requests are more likely to be included in future versions of Plesk.

In the meantime, you may set up such records manually by using the information in the sections below:

Details and general setup for FCrDNS
Details and general setup for TLS-RPT and MTA-STS

FCrDNS, or forward-confirmed reverse DNS is a situation where a given IP address has forward (name-to-address) and reverse (address-to-name) DNS entries that match each other.

In order to get the rDNS forward confirmed, you need to make sure that the IP address of your server has a PTR (also known as RDNS) record that matches the domain that is set up as a hostname for your server.

Further details about the contents of a PTR record for an IP address are available in the following article:

What hostname should be specified in PTR record for a domain hosted on a Plesk server?

The second condition is to make sure that the domain name that is used as the hostname of your server contains an A record that is the IP address of your server within its DNS zone.

The process of managing DNS records is detailed on the following page of the Plesk Obsidian documentation:

Managing DNS Records | Plesk Obsidian documentation

Once these two conditions are fulfilled, you will have a valid FCrDNS record automatically.

The TLS-RPT (short for TLS reporting) DNS record (must be added as a TXT record) provides enhanced visibility on all your email channels so that you gain better insight on all that is going on in your domain, including messages that are failing to be delivered.

The MTA-STS (Mail Transfer Agent-Strict Transport Security) DNS record (must be added as a TXT record) is a standard that enables mail service providers to enforce Transport Layer Security (TLS) to secure SMTP connections, and to specify whether the sending SMTP servers should refuse to deliver emails to MX hosts that do not support TLS. 

MTA-STS and TLS-RPT DNS records work together and their purpose is mostly to ensure that the emails do not get delivered and are returned to the sender if TLS fails and protect the domain owner against SMTP downgrade.

Warning: The use of TLS-RPT in combination with the MTA-STS, makes the email undeliverable if there are issues with the TLS of the domain, due to which you should use these DNS records only in case you are sure they are necessary for your email-related needs.

A good guide that explains how both of these records can be set up to work together is available on the following link:

How to Set Up MTA-STS and TLS Reporting to Identify and Fix Email Security Issues…

Read the full article
Related Posts
Knowledge Base

Hosting Wiki

Industry
Partners

industry-partner_ALIBABA
industry-partner_GOOGLEPARTNER
industry-partner_MICROSOFT
industry-partner_REDHAT-r2
industry-partner_ALIBABA
industry-partner_AUTOMATTIC
industry-partner_AWS
industry-partner_DIGITALOCEAN
industry-partner_SCALEWAY

© 2025 WebPros International GmbH. All rights reserved. Plesk and the Plesk logo are trademarks of WebPros International GmbH.

Managed with love with Plesk WP Toolkit