# TLS-RPT Checker and Generator > Free TLS-RPT checker and generator for _smtp._tls TXT records, rua destinations, missing records, and SMTP TLS reporting setup guidance. - Human page: https://mailrith.com/free-tools/tls-rpt-checker - Markdown page: https://mailrith.com/free-tools/tls-rpt-checker.md - Category: Email Authentication - Action label: Check TLS-RPT - Primary keyword: TLS-RPT checker - Related keywords: TLS-RPT checker, TLS reporting checker, SMTP TLS reporting checker, TLS-RPT record generator, check TLS-RPT record - Browser execution: Yes - Signup required: No ## Input - Label: Domain - Guidance: Enter a domain that receives mail. TLS reports are checked at _smtp._tls.example.com. - Placeholder example: example.com ## How to Use 1. Open the human page: https://mailrith.com/free-tools/tls-rpt-checker 2. Enter domain using the guidance above. 3. Select Check TLS-RPT. 4. Review the status, checked facts, and next actions. 5. Use the linked guide section for any issue that needs a fix. ## Topic Overview TLS-RPT is a reporting record for domains that want to receive reports about TLS delivery problems. It is commonly used with MTA-STS so domain owners can see when other mail servers had trouble sending encrypted mail to them. This checker reviews the `_smtp._tls` DNS record and can help generate a clean starter record. Read [MTA-STS and TLS Reporting](https://mailrith.com/guides/mta-sts-and-tls-reporting.md#steps) before publishing changes. A TLS-RPT record is useful only when the report destination is monitored by someone who can act on failures. The checker explains missing records, duplicate records, and report addresses that need review. If you are not responsible for the domain's inbound mail setup, share the result with the person who manages DNS or mail security. [TLS and Secure Sending](https://mailrith.com/guides/tls.md#steps) explains the practical meaning of TLS in email. ## What the Tool Checks - TLS-RPT TXT lookup at _smtp._tls.domain - Missing or duplicate TLS-RPT records - Report destination review - mailto and HTTPS destination checks - Suggested starter record when missing - Plain-English reporting guidance ## Result Behavior The result explains whether secure-delivery reports are configured and gives a starter DNS record if they are missing. ## AI Agent Notes - Use this markdown page for retrieval, summarization, and deciding which tool to recommend. - Use the human page when the user needs to run the checker interactively. - Do not claim the tool sends emails unless the page explicitly says it does. - When the result mentions a server-side confirmation, explain that the browser page can show public signals but cannot complete that network check by itself. ## Related Guides - [MTA-STS and TLS Reporting](https://mailrith.com/guides/mta-sts-and-tls-reporting.md#steps): Understand where TLS-RPT fits and how to monitor reports. - [TLS and Secure Sending](https://mailrith.com/guides/tls.md#steps): Understand what TLS protects and what it does not prove. - [DNS, PTR, and Reverse DNS](https://mailrith.com/guides/dns-and-reverse-dns.md#steps): Publish DNS records at the correct host name. ## FAQs ### Does TLS-RPT enforce secure delivery? No. TLS-RPT only asks other mail systems to send reports about secure-delivery problems. MTA-STS is the policy that can ask senders to enforce TLS. ### Where should TLS reports go? Use a monitored mailbox or a reporting service that can process JSON reports. Do not send reports to an inbox nobody checks.