SSL-Tools

SSL check results of mail.com

NEW You can also bulk check multiple servers.

Discover if the mail servers for mail.com can be reached through a secure connection.

To establish a secure connection a mail server has to offer STARTTLS (SSL), a trustworthy SSL certificate, support for the Diffie-Hellman-Algorithm to guarantee Perfect Forward Secrecy and must not be vulnerable against the Heartbleed attack. Futhermore we recommend using end-to-end encryption with GnuPG.

Summary

JSON Refresh

Report created Tue, 02 Apr 2024 15:17:36 +0000

The mailservers of mail.com can be reached through a secure connection.

Servers

Incoming Mails

These servers are responsible for incoming mails to @mail.com addresses.

Hostname / IP address Priority STARTTLS Certificates Protocol
mx01.mail.com
74.208.5.22
 10
supported
mx.mail.com
DANE
valid
PFS
supported
Heartbleed
not vulnerable
Weak ciphers
not found
  • TLSv1.2
  • TLSv1.1
  • TLSv1.0
  • SSLv3
7 s
mx00.mail.com
74.208.5.20
 10
supported
mx.mail.com
DANE
valid
PFS
supported
Heartbleed
not vulnerable
Weak ciphers
not found
  • TLSv1.2
  • TLSv1.1
  • TLSv1.0
  • SSLv3
6 s

Outgoing Mails

We have received emails from these servers with @mail.com sender addresses. Test mail delivery

Host TLS Version & Cipher
mout.gmx.com (74.208.4.201)
TLSv1.3 TLS_AES_256_GCM_SHA384
mout.gmx.com (74.208.4.200)
TLSv1.3 TLS_AES_256_GCM_SHA384
unknown (185.36.81.164)
Insecure - not encrypted!
unknown (185.36.81.64)
Insecure - not encrypted!
unknown (103.125.189.175)
Insecure - not encrypted!

Certificates

First seen at:

CN=mx.mail.com,O=1&1 Mail & Media GmbH,L=Montabaur,ST=Rheinland-Pfalz,C=DE

Certificate chain
Subject
Country (C)
  • DE
State (ST)
  • Rheinland-Pfalz
Locality (L)
  • Montabaur
Organization (O)
  • 1&1 Mail & Media GmbH
Common Name (CN)
  • mx.mail.com
Alternative Names
  • mx.mail.com
  • mx00.mail.com
  • mx01.mail.com
Issuer
Country (C)
  • US
Organization (O)
  • DigiCert Inc
Organizational Unit (OU)
  • www.digicert.com
Common Name (CN)
  • GeoTrust TLS RSA CA G1
validity period
Not valid before
2023-08-18
Not valid after
2024-09-17
This certifcate has been verified for the following usages:
  • Digital Signature
  • Key Encipherment
  • TLS Web Server Authentication
  • TLS Web Client Authentication
Fingerprints
SHA256
42:64:87:7F:D5:36:0F:1C:BC:EF:A3:36:32:EC:69:AA:FC:58:B4:85:37:FD:AD:3D:84:5C:B8:81:50:BB:6E:2F
SHA1
30:B7:E3:DC:D4:92:C2:51:EF:85:2A:D8:BA:31:3A:4B:33:56:11:B9
X509v3 extensions
authorityKeyIdentifier
  • keyid:94:4F:D4:5D:8B:E4:A4:E2:A6:80:FE:FD:D8:F9:00:EF:A3:BE:02:57
subjectKeyIdentifier
  • F3:A9:9A:C0:7D:9A:15:43:2C:6E:0B:FC:A5:19:47:57:AE:B9:9B:84
crlDistributionPoints
  • Full Name:
  • URI:http://cdp.geotrust.com/GeoTrustTLSRSACAG1.crl
certificatePolicies
  • Policy: 2.23.140.1.2.2
  • CPS: http://www.digicert.com/CPS
authorityInfoAccess
  • OCSP - URI:http://status.geotrust.com
  • CA Issuers - URI:http://cacerts.geotrust.com/GeoTrustTLSRSACAG1.crt
ct_precert_scts
  • Signed Certificate Timestamp:
  • Version : v1 (0x0)
  • Log ID : EE:CD:D0:64:D5:DB:1A:CE:C5:5C:B7:9D:B4:CD:13:A2:
  • 32:87:46:7C:BC:EC:DE:C3:51:48:59:46:71:1F:B5:9B
  • Timestamp : Aug 18 09:30:46.442 2023 GMT
  • Extensions: none
  • Signature : ecdsa-with-SHA256
  • 30:44:02:20:3D:7B:AC:EA:47:69:6E:E4:40:CD:18:BC:
  • A7:47:1C:7E:31:FD:78:38:45:82:96:61:91:95:42:A3:
  • 36:DC:A2:B9:02:20:6D:1C:8F:CC:4E:34:9D:B4:A6:13:
  • 72:A0:7A:D2:AC:99:49:66:7B:8B:23:87:63:73:CF:2C:
  • 65:80:BD:88:90:25
  • Signed Certificate Timestamp:
  • Version : v1 (0x0)
  • Log ID : 48:B0:E3:6B:DA:A6:47:34:0F:E5:6A:02:FA:9D:30:EB:
  • 1C:52:01:CB:56:DD:2C:81:D9:BB:BF:AB:39:D8:84:73
  • Timestamp : Aug 18 09:30:46.424 2023 GMT
  • Extensions: none
  • Signature : ecdsa-with-SHA256
  • 30:44:02:20:27:53:E5:09:27:58:62:49:A7:69:1D:E9:
  • 37:AB:57:E1:AD:70:DD:2A:DC:FC:6D:10:CA:A9:EC:A0:
  • 34:74:2F:B7:02:20:45:84:EE:73:13:41:0D:7E:70:4E:
  • 51:EB:C5:1E:F0:51:EF:EE:89:BE:D0:35:F2:6F:F5:3D:
  • 19:14:CA:03:14:2E
  • Signed Certificate Timestamp:
  • Version : v1 (0x0)
  • Log ID : DA:B6:BF:6B:3F:B5:B6:22:9F:9B:C2:BB:5C:6B:E8:70:
  • 91:71:6C:BB:51:84:85:34:BD:A4:3D:30:48:D7:FB:AB
  • Timestamp : Aug 18 09:30:46.367 2023 GMT
  • Extensions: none
  • Signature : ecdsa-with-SHA256
  • 30:45:02:21:00:EC:9E:9E:87:B7:DA:69:F5:B6:D8:0F:
  • 12:C5:F0:CD:3F:DA:37:74:FC:0F:E4:8A:55:4D:6F:0A:
  • 90:F9:B7:21:29:02:20:2C:16:C9:DA:49:D5:36:3F:2C:
  • F6:F9:D0:4D:C2:91:9A:6A:C1:EE:48:1E:9C:6C:CB:B6:
  • 3D:32:82:78:46:BA:38

DANE

DNS-based Authentication of Named Entities (DANE) is a protocol to allow X.509 certificates to be bound to DNS using TLSA records and DNSSEC.

Name Options DNSSEC Matches
_25._tcp.mx01.mail.com
  • DANE-EE: Domain Issued Certificate
  • Use subject public key
  • SHA-256 Hash
valid
_25._tcp.mx01.mail.com
  • DANE-EE: Domain Issued Certificate
  • Use subject public key
  • SHA-256 Hash
valid
valid
_25._tcp.mx01.mail.com
  • DANE-EE: Domain Issued Certificate
  • Use subject public key
  • SHA-256 Hash
valid
_25._tcp.mx00.mail.com
  • DANE-EE: Domain Issued Certificate
  • Use subject public key
  • SHA-256 Hash
valid
valid
_25._tcp.mx00.mail.com
  • DANE-EE: Domain Issued Certificate
  • Use subject public key
  • SHA-256 Hash
valid
_25._tcp.mx00.mail.com
  • DANE-EE: Domain Issued Certificate
  • Use subject public key
  • SHA-256 Hash
valid