DMARC Analyzer 2.0 - TLS Reports

Overview
The TLS Reports page in Mimecast DMARC Analyzer gives you clear visibility into how well Transport Layer Security (TLS) is performing for email sent to and from your domains. By processing reports based on RFC 8460 – SMTP TLS Reporting, it helps you:

• Monitor TLS connection success and failure rates
• Troubleshoot encryption and configuration issues
• Verify that TLS policies are correctly applied
• Maintain secure and reliable email communication

TLS Reports turn raw TLS telemetry into actionable insights so you can quickly identify problem areas and validate that your email traffic is protected in line with your organization’s security standards.

To access the TLS Reports, follow these simplified steps:

1. Log in to Mimecast Administration Console
2. On the left panel, navigate to More Services | DMARC Analyzer 2.0 | TLS Reports

Key Features

Summary Cards

At the top of the TLS Reports page, two summary cards provide a high‑level snapshot of your TLS connection activity over the selected date range:

1. Successful Connections: Shows the total number of TLS connections that completed successfully.
2. Failed Connections: Shows the total number of TLS connections that failed. You can click either card to drill down into more detailed data and investigate specific issues.

These summaries give you an immediate sense of overall TLS health across your domains.

Connection Status by Date Chart

The Connection Status by Date chart visualizes TLS activity over time:

• A bar chart displays the volume of:

1. Successful connections (green bars)
2. Failed connections (red bars)

This helps you:

• Identify trends in TLS performance (for example, gradual increases in failures)
• Spot sudden spikes in failures that may indicate configuration changes or outages
• Compare behavior across different days within the selected period
• The chart makes it easier to understand when issues began and how long they persisted.

Domain Connections Table

The Domain Connections table provides a detailed breakdown of TLS activity for each domain included in the reports. For every domain you will see:

• Domain: The domain for which TLS connection data is reported.
• Policy: The TLS policy applied to the domain (for example, "sts" for SMTP MTA‑STS).
• Policy Mode: The mode of the TLS policy, such as:

1. "testing" – Policy is being evaluated but not fully enforced.
2. "enforce" – Policy is actively enforced for connections.

• Success Count: The number of successful TLS connections observed for that domain.
• Failure Count: The number of TLS connections that failed for that domain.
• Last Seen: The timestamp of the most recent TLS connection attempt for that domain.

You can expand individual rows to access additional information about specific connections where available. This level of detail supports targeted troubleshooting for each domain.

Search and Filter Options

TLS Reports include flexible controls to help you focus on the data that matters most:

• Search for Domain: Use the search box to quickly locate a specific domain by name.
• Filter by: Apply filters to narrow down the table results based on criteria such as:

1. Policy mode (for example, show only domains in "enforce" mode)
2. Connection status (for example, highlight domains with failures)

These options make it easier to isolate problematic domains and reduce noise when you are investigating issues.

Date Range Selector

You can adjust the time window used for TLS analysis:

• By default, the page shows data for the last 60 days.
• You can customize this by setting:

1. Start Date
2. End Date

This is useful when:

• Investigating a known incident over a specific time frame
• Comparing behavior before and after a configuration change
• Reviewing periodic performance (for example, monthly or quarterly)