Instructions/Info

//email/testTo: ("TestReceiverAssureTLS") is uniquely suited to testing email systems that are configured to Mandate TLS. See Mandatory TLS.

How to run it

Type in an email address that has Mandatory TLS turned on.

Leave the Output Level set to "Detail".

Click the Run Test button.

Use the address test@MandatoryTLS.CheckTLS.com to see a successful test.

What it does

When you click Run Test, //email/testMandatoryTo: ("TestReceiverAssureTLS") makes sure that Mandatory TLS is working. It does not accept the receiver's invitation to use TLS but instead tries to send an email as plain text.

TestReceiverAssureTLS performs some of the steps that Internet email systems go through to send email. When the remote system offers encryption options, TestReceiverAssureTLS ignores the offer and tries to send the email in plain text. Allowing plain text email is the desired behavior of most Internet email systems, so most Internet email systems should fail this test. As with TestReceiver, it records every command and byte of data it sends and every answer and byte of data that it receives, and it also never actually sends an email

What it shows

Assuredness Factor

For all Output Levels TestReceiverAssureTLS shows our unique Assuredness Factor.

This is either zero or 100, showing whether or not Mandatory TLS is working. For domains with multiple email servers (MX hosts), it checks each one. Every MX host must Mandate TLS or the overall score is zero.

MX Matrix

The next level of output is the MX Matrix. TestReceiverAssureTLS groups the steps of testing Mandatory TLS into 5 stages. The MX Matrix shows, for each MX host, how long each stage took and whether it was successful or not. Use the MX Matrix to look by MX Host where a weaknesses is in the system.

See the TestReceiver Full Documentation for more information about the MX Matrix stages.

Detail

The next levels of output is Detail. Detail is the log of TestReceiverAssureTLS's interaction with the recipient's email system. Because TestReceiverAssureTLS finds out very quickly if the recipient's email will allow plain text email, there is not much additional output in the Detail level and it is self-explanatory.

More Options

TestReceiverAssureTLS has the same More Options as normal TestReceiver so you can test custom/private email systems for Mandatory TLS. See email/test/To: for more information.

Input Fields
TestReceiverAssureTLS parameter entry
  1. - + (less/more output)
More Options (MTA-STS, DANE, DNSSEC, AUTH, SOCKS, noCache, Cert)
  1.   (subscribers can run tests faster)
  2.   (less accurate Confidence Factor)
  3.   (see rfc-2818 section 3.1 paragraph 4)
  4. (seconds)
  5. (number or percent)
  6. (number or percent)
  7. (number or percent)
  8. (seconds)
  9. (seconds)
  10. (sends MX hostname, by default no SNI is sent)
  11. (by default no client cert is sent)
  12.   (only used with XML Output Formats)

The following options are restricted. You can only use them on your own domain(s) and only on email systems that you directly control and that will not view CheckTLS as a threat. You may not use them on other domains, including your clients, vendors, or affiliates. Improper use will harm CheckTLS.com and we will block your access and cancel your subscription without refund.

These options are not useful for testing the security of an email server. They do not affect the Confidence Factor and have no bearing on the security of emails.


Test Results

Test results will show here when a test is run.