Instructions/Info
See the Full Documentation for more information.
How to run it
Start ("TestSender") by sending us an email.
See below for how and where to send the email.
Before using you may want to list CheckTLS.com in your list of allowed domains (whitelist us) so the report returns to you is not sent to your spam folder.
We cannot respond to Challenge-response email filters (e.g. SpamArrest, Support Sentry SpamBlock, iPermitMail) so you MUST manually allow mail from CheckTLS.com.
This passcode only works once. You can refresh this page to receive another one.
Corporate Subscribers also have this option:
- Save to file
- Save the test result in a file our our website instead of sending it back to the sending email address. Use Get TS Results to view. Results are kept for one week.
Select Extra Items to Show
You can ask for these additional data fields:
- TLS Status
- Show "Successful" or "Unsuccessful" (same as the email title, but easier to search/parse).
- Text Result
- Format the reply (result) email as text/plain (i.e. not HTML).
- Email Headers
- Show the From: Via: Date: and Subject: headers from the originating email.
- SSL Version Used
- Show the version of SSL used (SSLv2, SSLv3, TLSv1, TLSv1_1, TLSv1_2, TLSv1_3).
- SSL Cipher Used
- Show the cipher used (see openssl.org).
- Cert Sent by Sender
- Show the Cert sent by the client.
- SNI Used By Sender
- Show the SNI name used by the client.
- SPF Info
- Show SPF (Sender Policy Framework) lookup and result.
- DKIM Info
- Show DKIM (DomainKeys Identified Mail) signature, lookup, and result.
- DMARC Info
- Show DMARC (Domain-based Message Authentication, Reporting, and Conformance) lookup and result.
- BIMI Info
- Show BIMI (Brand Indicators for Message Identification) lookup and result.
- DNS
- Show DNS queries.
- SMTP Log
- Show the entire SMTP (Simple Mail Transport Protocol conversation between your client and our server.
- Set SSL Version
-
Sets the version(s) of the SSL protocol that can be used: SSLv2, SSLv3, TLSv1, TLSv11, TLSv12, TLSv13, SSLv23 (SSL2.0, SSL3.0 and TLS1.x). All values are case-insensitive.
You can limit to set of accepted SSL versions by adding !version separated by ':', e.g. !TLSv1_1!TLSv1_2!TLSv1_3 to disable TLS versions 1.1, 1.2, and 1.3 while still allowing TLS version 1.0. - Set SSL Cipher List
- Sets the list of Ciphers that can be used, e.g. something like 'ALL:!LOW:!EXP:!aNULL' (see openssl.org for more details.
What it does
When you send an email to the special address listed below with your unique passcode, performs all the steps that Internet email systems go through to receive email. It records every command and byte of data that your system sends and every answer and byte of data that our system replies back. does actually receive your email, and it learns as much about your system as it can in the process.
Because CheckTLS focuses on security, tries to establish a secure (TLS) connection with your system. Along with recording everything, it looks at the security of the your system for things like: certificate contents and signers, encryption algorithms, key lengths, hostname mis-matches, weak cyphers, etc.
What it shows
replies to your email with its results.
The reply email looks like one of these:
Subject: SUCCESSFUL
SUCCESSFUL
Your email was sent securely using TLS.
Subject: FAILED
FAILED
Your email was sent, however it was NOT SENT SECURELY using TLS.
Extra Items Shown
See the Full Documentation for what the result email looks like if you select Extra Items to Show.
Input Fields
More information will show here when a Listener is Started.