# TLS-RPT Checker and Generator

> Free TLS-RPT checker and generator for _smtp._tls TXT records, rua destinations, missing records, and SMTP TLS reporting setup guidance.

- Human page: https://mailrith.com/free-tools/tls-rpt-checker
- Markdown page: https://mailrith.com/free-tools/tls-rpt-checker.md
- Category: Email Authentication
- Action label: Check TLS-RPT
- Primary keyword: TLS-RPT checker
- Related keywords: TLS-RPT checker, TLS reporting checker, SMTP TLS reporting checker, TLS-RPT record generator, check TLS-RPT record
- Last updated: 2026-07-13
- Browser execution: Yes
- Signup required: No

## Input
- Label: Domain
- Guidance: Enter a domain that receives mail. The checker looks for TLS reports at _smtp._tls.example.com.
- Placeholder example: example.com

## How to Use
1. Open the human page: https://mailrith.com/free-tools/tls-rpt-checker
2. Enter domain using the guidance above.
3. Select Check TLS-RPT.
4. Review the status, checked facts, and next actions.
5. Use the linked guide section for any issue that needs a fix.

## Topic Overview
TLS-RPT is a reporting record for domains that want to receive reports about TLS delivery problems. It is commonly used with MTA-STS so domain owners can see when other mail servers had trouble sending encrypted mail to them. The TLS-RPT checker reviews the `_smtp._tls` DNS record and can help generate a clean starter record. Read [MTA-STS and TLS Reporting](https://mailrith.com/guides/mta-sts-and-tls-reporting.md#steps) before publishing changes.

A TLS-RPT record is useful only when the report destination is monitored by someone who can act on failures. The TLS-RPT checker explains missing records, duplicate records, and report addresses that need review. If you are not responsible for the domain's inbound mail setup, share the TLS-RPT result with the person who manages DNS or mail security. [TLS and Secure Sending](https://mailrith.com/guides/tls.md#steps) explains the practical meaning of TLS in email.

## What TLS-RPT Checker and Generator Checks
- TLS-RPT TXT lookup at _smtp._tls.domain
- Missing or duplicate TLS-RPT records
- Report destination review
- mailto and HTTPS destination checks
- Suggested starter record when missing
- Plain-English reporting guidance

## Result Behavior
The result explains whether secure-delivery reports are configured and provides a starter DNS record if the record is missing.

## AI Agent Notes
- Use this markdown page for retrieval, summarization, and deciding whether to recommend TLS-RPT Checker and Generator.
- Use the human TLS-RPT Checker and Generator page when the user needs to run TLS-RPT Checker and Generator interactively.
- Do not claim TLS-RPT Checker and Generator sends emails unless the TLS-RPT Checker and Generator page explicitly says it does.
- When the TLS-RPT Checker and Generator result mentions a server-side confirmation, explain that the browser page can show public signals but cannot complete that network check by itself.

## Related Guides
- [MTA-STS and TLS Reporting](https://mailrith.com/guides/mta-sts-and-tls-reporting.md#steps): Understand where TLS-RPT fits and how to monitor reports.
- [TLS and Secure Sending](https://mailrith.com/guides/tls.md#steps): Understand what TLS protects and what it does not prove.
- [DNS, PTR, and Reverse DNS](https://mailrith.com/guides/dns-and-reverse-dns.md#steps): Publish DNS records at the correct host name.

## FAQs
### Does TLS-RPT enforce secure delivery?

No. TLS-RPT only asks other mail systems to send reports about secure-delivery problems. MTA-STS is the policy that can ask senders to enforce TLS.
### Where should TLS reports go?

Use a monitored mailbox or a reporting service that can process JSON reports. Do not send reports to an inbox nobody checks.
