("TestSender") looks backward at the sending end of an Internet eMail transfer to test the software, server, or appliance that sends email to the Internet. These include the sendmail type devices mentioned in TestReceiver, and for most organizations it is the same device that receives Internet email. Just because it is the same device does not mean that if secure email is working in one direction it will also be working in the other direction. The two setups are very different.
TestSender is Important
It is the sender's responsibility to assure that confidential information is protected during email transport. The receiver's responsibility starts when they receive the information. Senders must make sure sensitive emails are encrypted.
CheckTLS TestSender is Unique
Several Internet sites will probe your email address. We know that CheckTLS is the most comprehensive, but all of these are looking at how you receive email.
Only CheckTLS has tests that look at how you send email. Our technology lets you create custom mailers that you can send to.
For example, if you program your mailer to deprecate TLS 1.0 (as you should), what exactly does your mailer do when it encounters an old email domain that only uses TLS 1.0? CheckTLS is the only site on the Internet that lets you build such an old mailer and send a message to it.
CheckTLS is the only site that can prove your mailer will enforce your sending rules. And how you send is more important than how you receive.
Usingis a two-step process.
cannot tell your email system "send me an email". You'll need to do that, and before you do, you have to tell it's coming, and you do that by starting a Listener.
Visitors to CheckTLS must browse to thepage to start a Listener each time they want to test. Starting the Listener will generate a one-time TS Passcode that goes in the test email Subject: and connects the email to the Listener.
To start the test, send an email to test@TestSender.CheckTLS.com with your TS Passcode in the Subject: line. When your email system connects to CheckTLS to send us your email, answers instead and tests your sender as it sends the email.
As a convenience, thewebpage has a link that will start the email on your PC with the proper To: and Subject:.
Before using, you should add CheckTLS.com to your list of allowed domains so the returned report is not inadvertently marked as spam.
Should you wish to include other text besides the one-time-use code in the Subject of your email, i.e. if you have subscribed to CheckTLS and are automating may tests, just enclose the one-time-use code (for subscribers, your permanent Sender Test passcode) in parenthesis, like this:
Subject: Test number 12 (whizzywhig) on Tuesday
Since Subscribers have unlimited access towithout visiting the page, they can automate Sender tests. Because there is no way for us to tell your email system to "send us an email", you automate Sender testing by telling your email system to automatically send an email to our address (see above). That starts the test, just as if you started it from the webpage.
Understanding the Results
Results are emailed back to the address from which you sent the test email. The email shows whether or not the test was successful in the Subject: and also in the body of the text. This email is formatted in very simple html, so it is both readable even in non-html mailers and is also easily parsed by another computer or Excel.
Normal Result Email
The reply email looks like:
Your email was sent securely using TLS.
Show Extra Items Result Email
If you Select Extra Items to Show when starting a Listener atthe result email shows the fields you selected:
The conversation shows all of the commands and responses sent to and from the two servers as they transfer the email. In front of the log is a brief reminder of how to read it.
Any obvious errors found during the test are boxed in with asterisks so they're easy to find in the log:
**************************************** *** ********** Error Note ********** *** *** *** *** Sender used HELO instead of EHLO *** **************************************** ****************************************
Tests that use the next two fields take ten or more minutes to finish because your emailer has to try to send it twice. You can only have one test running at a time or the "send twice" logic will report incorrect results.
You can limit to set of accepted SSL versions by adding !version separated by ':', e.g. !TLSv1_1!TLSv1_2!TLSv1_3 to disable TLS versions 1.1, 1.2, and 1.3 while still allowing TLS version 1.0.
A reply email with all of the Extra Fields selected looks like:
Your email was sent securely using TLS.
|Date:||2019-03-28 18:34:38 EDT|
|ClientCert:||Subject Name: /OU=Domain Control Validated/CN=*.checktls.com Issuer Name: /C=US/ST=Arizona/L=Scottsdale/O=GoDaddy.com, Inc./OU=http://certs.godaddy.com/repository//CN=Go Daddy Secure Certificate Authority - G2|
|SPF_mfrom.Record:||v=spf1 a mx -all|
|SPF_mfrom:||pass: local="yourdomain.com: 126.96.36.199 is authorized to use 'yourdomain.com' in 'mfrom' identity (mechanism 'a' matched)"|
|SPF_helo:||none: local="mailer.yourdomain.com: No applicable sender policy available"|
|DKIM:||pass: signature="@yourdomain.com" result="pass"|
(this email intentionally has limited formatting) The transcript of the eMail SMTP session is below, with: --> this is a line from your email system to us (~~> when encrypted) <-- this is a line to your email system from us (<~~ when encrypted) === this is a line about the tls negotiation (cypher, cert, etc) *** this is an error, warning, or info line that the test found <-- 220 ts6.checktls.com ESMTP TestSender Thu, 28 Mar 2019 18:34:38 -0400 --> EHLO mailer.yourdomain.com <-- 250-ts6.checktls.com Hello mailer.yourdomain.com [188.8.131.52], pleased to meet you <-- 250-ENHANCEDSTATUSCODES <-- 250-8BITMIME <-- 250-STARTTLS <-- 250 HELP --> STARTTLS <-- 220 Ready to start TLS ==== tls negotiation successful ==== ~~> EHLO mailer.yourdomain.com <~~ 250-ts6.checktls.com Hello mailer.yourdomain.com [184.108.40.206], pleased to meet you <~~ 250-ENHANCEDSTATUSCODES <~~ 250-8BITMIME <~~ 250 HELP ~~> MAIL FROM:<firstname.lastname@example.org> <~~ 250 Ok - mail from email@example.com ~~> RCPT TO:<test@TestSender.CheckTLS.com> <~~ 250 Ok - recipient test@TestSender.CheckTLS.com ~~> DATA <~~ 354 Send data. End with CRLF.CRLF ~~> DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/simple; d=checktls.com; s=default; ~~> \011t=1553812478; bh=9SOurAJMztVjUzL/ObtwLNnUl4c=; ~~> \011h=From:To:Subject:Date; ~~> \011b=L6M3B8qd7tE8zcny0MB76iKVYCYWY8z9S3IWxqauP0cjR8fsNbeis2aB/+THCDG25 ~~> \011 v1fnSKuZnfD+jeN8vlWJWwN7aP/nwTTWNdf5XdNi8CdhIfctjUoW1ZXwT+sZpp3ffU ~~> \011 1/l0URxMaRSwukjK8hYHebPUTFObi95kscVZTcOI=TcOI= ~~> From: <firstname.lastname@example.org> ~~> To: <test@TestSender.CheckTLS.com> ~~> Subject: yourpasscode ~~> Date: Thu, 28 Mar 2019 18:34:38 -0400 ~~> ~~> onelinemessage ~~> . <~~ 250 Ok ~~> QUIT <~~ 221 ts6.checktls.com closing connection