fastmail.de - TLS / STARTTLS Test

Discover if the mail servers for fastmail.de can be reached through a secure connection.

To establish a secure connection a mail server has to offer STARTTLS (SSL), a trustworthy SSL certificate, support for the Diffie-Hellman-Algorithm to guarantee Perfect Forward Secrecy and must not be vulnerable against the Heartbleed attack. Futhermore we recommend using end-to-end encryption with GnuPG.

Summary

JSON Refresh

Report created Thu, 26 May 2022 20:57:38 +0000

Certificates

Trustworthy
Protocol

Secure
DANE

Missing

The mailservers of fastmail.de can be reached through a secure connection.

Servers

Incoming Mails

These servers are responsible for incoming mails to @fastmail.de addresses.

Hostname / IP address	Priority	STARTTLS	Certificates	Protocol
in1-smtp.messagingengine.com 66.111.4.71	10	supported	*.messagingengine.com	DANE missing PFS supported Heartbleed not vulnerable Weak ciphers not found	TLSv1.2 TLSv1.1 TLSv1.0 ~~SSLv3~~	2022-05-26 12 s
in1-smtp.messagingengine.com 66.111.4.74	10	supported	*.messagingengine.com	DANE missing PFS supported Heartbleed not vulnerable Weak ciphers not found	TLSv1.2 TLSv1.1 TLSv1.0 ~~SSLv3~~	2022-05-26 12 s
in1-smtp.messagingengine.com 66.111.4.70	10	supported	*.messagingengine.com	DANE missing PFS supported Heartbleed not vulnerable Weak ciphers not found	TLSv1.2 TLSv1.1 TLSv1.0 ~~SSLv3~~	2022-05-26 12 s
in1-smtp.messagingengine.com 66.111.4.75	10	supported	*.messagingengine.com	DANE missing PFS supported Heartbleed not vulnerable Weak ciphers not found	TLSv1.2 TLSv1.1 TLSv1.0 ~~SSLv3~~	2022-05-26 12 s
in1-smtp.messagingengine.com 66.111.4.73	10	supported	*.messagingengine.com	DANE missing PFS supported Heartbleed not vulnerable Weak ciphers not found	TLSv1.2 TLSv1.1 TLSv1.0 ~~SSLv3~~	2022-05-26 12 s
in1-smtp.messagingengine.com 66.111.4.72	10	supported	*.messagingengine.com	DANE missing PFS supported Heartbleed not vulnerable Weak ciphers not found	TLSv1.2 TLSv1.1 TLSv1.0 ~~SSLv3~~	2022-05-26 12 s
in2-smtp.messagingengine.com 64.147.123.51	20	supported	*.messagingengine.com	DANE missing PFS supported Heartbleed not vulnerable Weak ciphers not found	TLSv1.2 TLSv1.1 TLSv1.0 ~~SSLv3~~	2022-05-26 15 s
in2-smtp.messagingengine.com 64.147.123.52	20	supported	*.messagingengine.com	DANE missing PFS supported Heartbleed not vulnerable Weak ciphers not found	TLSv1.2 TLSv1.1 TLSv1.0 ~~SSLv3~~	2022-05-26 15 s

Outgoing Mails

We have not received any emails from a @fastmail.de address so far. Test mail delivery

Certificates

First seen at: 2022-03-15

CN=*.messagingengine.com,O=FastMail Pty Ltd,L=Melbourne,ST=Victoria,C=AU

Certificate chain

*.messagingengine.com
- 2023-03-10 remaining
- 2048 bit
- sha256WithRSAEncryption

Subject

Country (C)

State (ST)

Victoria

Locality (L)

Melbourne

Organization (O)

FastMail Pty Ltd

Common Name (CN)

*.messagingengine.com

Alternative Names

*.messagingengine.com
messagingengine.com
mail.messagingengine.com
dav.messagingengine.com
caldav.messagingengine.com
carddav.messagingengine.com

Issuer

Country (C)

Organization (O)

DigiCert Inc

Common Name (CN)

DigiCert TLS RSA SHA256 2020 CA1

validity period

Not valid before: 2022-03-06
Not valid after: 2023-03-10

This certifcate has been verified for the following usages:

Digital Signature
Key Encipherment
TLS Web Server Authentication
TLS Web Client Authentication

Fingerprints

SHA256: 3D:1D:6B:D6:2A:9B:2A:2D:97:FF:50:80:66:9E:0D:98:88:CB:A9:91:07:0F:12:A5:17:85:2D:1F:46:B7:E4:7B
SHA1: 6D:6E:C5:04:28:7D:10:3D:AD:FC:92:1B:84:64:7F:86:D3:05:87:27

X509v3 extensions

authorityKeyIdentifier

keyid:B7:6B:A2:EA:A8:AA:84:8C:79:EA:B4:DA:0F:98:B2:C5:95:76:B9:F4

subjectKeyIdentifier

89:10:FD:AE:C1:6F:89:81:FE:74:8C:EF:92:9C:53:70:7D:E4:77:D8

crlDistributionPoints

Full Name:
URI:http://crl3.digicert.com/DigiCertTLSRSASHA2562020CA1-4.crl
Full Name:
URI:http://crl4.digicert.com/DigiCertTLSRSASHA2562020CA1-4.crl

certificatePolicies

Policy: 2.23.140.1.2.2
CPS: http://www.digicert.com/CPS

authorityInfoAccess

OCSP - URI:http://ocsp.digicert.com
CA Issuers - URI:http://cacerts.digicert.com/DigiCertTLSRSASHA2562020CA1-1.crt

ct_precert_scts

Signed Certificate Timestamp:
Version : v1 (0x0)
Log ID : AD:F7:BE:FA:7C:FF:10:C8:8B:9D:3D:9C:1E:3E:18:6A:
B4:67:29:5D:CF:B1:0C:24:CA:85:86:34:EB:DC:82:8A
Timestamp : Mar 6 09:56:54.417 2022 GMT
Extensions: none
Signature : ecdsa-with-SHA256
30:46:02:21:00:9E:5E:82:8C:FB:EF:BF:43:99:95:24:
6F:DC:AB:F9:B8:A5:AA:74:77:E7:48:1E:72:BA:EF:32:
46:64:02:9B:6A:02:21:00:E6:1B:A4:32:84:E0:18:AC:
76:9D:41:C2:7A:05:32:43:5A:C1:38:7E:72:C4:AE:8C:
15:A6:19:F8:9E:4D:D6:02
Signed Certificate Timestamp:
Version : v1 (0x0)
Log ID : 35:CF:19:1B:BF:B1:6C:57:BF:0F:AD:4C:6D:42:CB:BB:
B6:27:20:26:51:EA:3F:E1:2A:EF:A8:03:C3:3B:D6:4C
Timestamp : Mar 6 09:56:54.412 2022 GMT
Extensions: none
Signature : ecdsa-with-SHA256
30:46:02:21:00:E6:A6:B2:87:F8:86:35:2A:57:01:60:
D9:AF:1A:C7:3C:58:BB:2C:6A:45:18:8B:7A:78:D5:2F:
D1:58:BF:10:1E:02:21:00:CE:55:8B:7A:12:6B:5D:64:
D3:2C:13:78:9E:00:D2:4F:B4:1A:44:B8:D9:D8:2F:48:
AE:19:ED:70:91:2D:B3:11
Signed Certificate Timestamp:
Version : v1 (0x0)
Log ID : B3:73:77:07:E1:84:50:F8:63:86:D6:05:A9:DC:11:09:
4A:79:2D:B1:67:0C:0B:87:DC:F0:03:0E:79:36:A5:9A
Timestamp : Mar 6 09:56:54.463 2022 GMT
Extensions: none
Signature : ecdsa-with-SHA256
30:45:02:20:34:F5:79:89:44:6F:75:C6:75:A4:88:05:
13:10:C9:C1:26:01:E4:27:25:27:24:F5:C1:0D:F0:19:
CD:88:10:40:02:21:00:CF:9A:5D:58:05:0A:8F:08:63:
D6:D7:B3:E0:2E:F2:CC:28:A8:04:6A:65:0C:2C:59:CD:
58:E7:2B:E9:62:BF:00

SSL check results of fastmail.de