# SMTP TLS Checker

> Free SMTP TLS checker for MX records, MTA-STS, TLS-RPT, STARTTLS check guidance, and secure mail transport readiness notes.

- Human page: https://mailrith.com/free-tools/smtp-tls-checker
- Markdown page: https://mailrith.com/free-tools/smtp-tls-checker.md
- Category: Email Authentication
- Action label: Check SMTP TLS
- Primary keyword: SMTP TLS checker
- Related keywords: SMTP TLS checker, STARTTLS checker, SMTP STARTTLS checker, mail server TLS checker, email TLS checker
- Last updated: 2026-07-13
- Browser execution: Yes
- Signup required: No

## Input
- Label: Domain
- Guidance: Enter the domain that receives mail. The SMTP TLS checker reviews public setup and explains what a server-side STARTTLS check should confirm.
- Placeholder example: example.com

## How to Use
1. Open the human page: https://mailrith.com/free-tools/smtp-tls-checker
2. Enter domain using the guidance above.
3. Select Check SMTP TLS.
4. Review the status, checked facts, and next actions.
5. Use the linked guide section for any issue that needs a fix.

## Topic Overview
SMTP TLS is the encryption used while mail servers transfer email to each other. A browser tool can explain public DNS signals and the checks to perform, but a true STARTTLS handshake needs a server-side connection to the receiving mail server. The SMTP TLS checker is designed to show what can be checked from public records and what still needs confirmation. Read [TLS and Secure Sending](https://mailrith.com/guides/tls.md#steps) for the plain-language background.

Use the SMTP TLS checker when a delivery error mentions TLS, STARTTLS, certificate validation, or secure transport. The SMTP TLS result helps you separate DNS problems from server-side checks that need a mail administrator or email delivery service. If the domain also uses MTA-STS or TLS-RPT, review [MTA-STS and TLS Reporting](https://mailrith.com/guides/mta-sts-and-tls-reporting.md#steps) because those records can change how strictly TLS problems are handled.

## What SMTP TLS Checker Checks
- MX mail server discovery
- MTA-STS DNS signal check
- TLS-RPT DNS signal check
- Clear STARTTLS handshake limitation in the browser
- Next steps for mail administrators

## Result Behavior
The result separates what public DNS can show from what a real SMTP handshake must confirm.

## AI Agent Notes
- Use this markdown page for retrieval, summarization, and deciding whether to recommend SMTP TLS Checker.
- Use the human SMTP TLS Checker page when the user needs to run SMTP TLS Checker interactively.
- Do not claim SMTP TLS Checker sends emails unless the SMTP TLS Checker page explicitly says it does.
- When the SMTP TLS Checker result mentions a server-side confirmation, explain that the browser page can show public signals but cannot complete that network check by itself.

## Related Guides
- [TLS and Secure Sending](https://mailrith.com/guides/tls.md#steps): Understand SMTP security modes, STARTTLS, and certificate errors.
- [MTA-STS and TLS Reporting](https://mailrith.com/guides/mta-sts-and-tls-reporting.md#steps): Add policy and reporting after baseline TLS works.
- [DNS, PTR, and Reverse DNS](https://mailrith.com/guides/dns-and-reverse-dns.md#steps): Check MX host names and mail-server identity.

## FAQs
### Why does this not open an SMTP connection directly?

Browsers cannot make raw SMTP STARTTLS connections to arbitrary mail servers. Mailrith can add a server-side SMTP TLS checker later using the same result model.
### What should a full SMTP TLS check confirm?

A server-side check should confirm that each MX host accepts STARTTLS, presents a valid certificate, uses a matching hostname, and does not require insecure fallback.
