Javascript is required to view this page. Please visit the scanner to find out how secure an e-mail server is.

Scanning domain...

This will take a few seconds.

Something went wrong

There was an error processing your request to scan your domain. Please try again later.

How secure is your domain?

Could not connect to your domain

We couldn't connect to any of your mailservers!

Couldn't connect to your domain

We couldn't find any MX records for your domain! Did you make a typo or enter the wrong email domain? Make sure to enter the part of your email address after the @!

Try again?

Not great.

At least one of your mailboxes doesn't support STARTTLS!

This means that when you send e-mail to this domain, anyone listening in on your network, your recipient's network, or on your domains's networks can read your e-mails, and some can even alter them!

Not great.

At least one of your mailboxes isn’t fully secured!

This means that when you send e-mail to this domain, anyone listening in on your network, your recipient's network, or on your domains's networks can read your e-mails, and some can even alter them!

Your Domain

STARTTLS Policy List
Your mail domain is on the STARTTLS Policy List! This means you’re protected against downgrade attacks when receiving email from anyone using the list.
STARTTLS Policy List
Your mail domain is queued to be added to the STARTTLS policy list. We’ll contact you by e-mail when this occurs, or you can check back here.

Mailboxes

Supports STARTTLS
Does not support STARTTLS

“STARTTLS” is the command an email server sends if it wants to encrypt communications (using Transport Layer Security or “TLS”) with another email server. If your server supports STARTTLS, that means any other server that supports STARTTLS can communicate securely with it.

This checks that your email server sends the STARTTLS command correctly, as well as accepting the STARTTLS command from other servers.

Uses a secure version of TLS
Does not use a secure TLS version

TLS has changed many times over the years. Researchers have discovered security flaws in some older versions, named “SSLv2” and “SSLv3”, so technologists across the internet are working to deprecate SSLv2/3.

This checks that your email server does not allow establishing a valid TLS connection over SSLv2/3.

Presents a valid certificate
Does not present a valid certificate

On the internet, even if you think you’re talking to a service named “eff.org”, it could be an impersonator pretending to be “eff.org”. Checking a mail server’s certificate helps ensure that you really are talking to the actual service.

In order for your certificate to be valid for your email domain, it should be unexpired, chain to a valid root, and one of the names on the certificate should either match the domain (the part of an email address after the @) or the server’s hostname (the name of the server, as indicated by an MX record).

Server is up and running
Could not establish connection
We couldn’t successfully connect to this mailserver to scan it.