Instructions/Info

See the //email/testFrom:Full Documentation for more information.

How to run it

Start //email/testFrom: ("TestSender") by sending us an email.

See below for how and where to send the email.

Before using //email/testFrom: you may want to list CheckTLS.com in your list of allowed domains (whitelist us) so the report //email/testFrom: returns to you is not sent to your spam folder.

We cannot respond to Challenge-response email filters (e.g. SpamArrest, Support Sentry SpamBlock, iPermitMail) so you MUST manually allow mail from CheckTLS.com.

This passcode only works once. You can refresh this page to receive another one.

Corporate Subscribers also have this option:

Save to file
Save the test result in a file our our website instead of sending it back to the sending email address. Use Get TS Results to view. Results are kept for one week.
Select Extra Items to Show

You can ask for these additional data fields:

TLS Status
Show "Successful" or "Unsuccessful" (same as the email title, but easier to search/parse).
Text Result
Format the reply (result) email as text/plain (i.e. not HTML).
Email Headers
Show the From: Via: Date: and Subject: headers from the originating email.
SSL Version Used
Show the version of SSL used (SSLv2, SSLv3, TLSv1, TLSv1_1, TLSv1_2, TLSv1_3).
SSL Cipher Used
Show the cipher used (see openssl.org).
Cert Sent by Sender
Show the Cert sent by the client.
SNI Used By Sender
Show the SNI name used by the client.
SPF Info
Show SPF (Sender Policy Framework) lookup and result.
DKIM Info
Show DKIM (DomainKeys Identified Mail) signature, lookup, and result.
DMARC Info
Show DMARC (Domain-based Message Authentication, Reporting, and Conformance) lookup and result.
BIMI Info
Show BIMI (Brand Indicators for Message Identification) lookup and result.
DNS
Show DNS queries.
SMTP Log
Show the entire SMTP (Simple Mail Transport Protocol conversation between your client and our server.
Set SSL Version
Sets the version(s) of the SSL protocol that can be used: SSLv2, SSLv3, TLSv1, TLSv11, TLSv12, TLSv13, SSLv23 (SSL2.0, SSL3.0 and TLS1.x). All values are case-insensitive.
You can limit to set of accepted SSL versions by adding !version separated by ':', e.g. !TLSv1_1!TLSv1_2!TLSv1_3 to disable TLS versions 1.1, 1.2, and 1.3 while still allowing TLS version 1.0.
Set SSL Cipher List
Sets the list of Ciphers that can be used, e.g. something like 'ALL:!LOW:!EXP:!aNULL' (see openssl.org for more details.
What it does

When you send an email to the special address listed below with your unique passcode, //email/testFrom: performs all the steps that Internet email systems go through to receive email. It records every command and byte of data that your system sends and every answer and byte of data that our system replies back. //email/testFrom: does actually receive your email, and it learns as much about your system as it can in the process.

Because CheckTLS focuses on security, //email/testFrom: tries to establish a secure (TLS) connection with your system. Along with recording everything, it looks at the security of the your system for things like: certificate contents and signers, encryption algorithms, key lengths, hostname mis-matches, weak cyphers, etc.

What it shows

//email/testFrom: replies to your email with its results.

The reply email looks like one of these:

From: CheckTLS Test Sender TLS <testsender@CheckTLS.com>
Subject: SUCCESSFUL

SUCCESSFUL //email/testFrom:

Your email was sent securely using TLS.

From: CheckTLS Test Sender TLS <testsender@CheckTLS.com>
Subject: FAILED

FAILED //email/testFrom:

Your email was sent, however it was NOT SENT SECURELY using TLS.

Extra Items Shown

See the //email/testFrom:Full Documentation for what the result email looks like if you select Extra Items to Show.

Input Fields
TestSender parameter entry

This //email/TestFrom: test ("TestSender") requires you to send us an email after you tell us to listen for it.
Open Instructions/Info above for more information.

Select Extra Items to Show
  1. Tests that use the next two fields take ten or more minutes to finish because your emailer has to try to send it twice. You can only have one test running at a time or the "send twice" logic will report incorrect results.


More information will show here when a Listener is Started.