SSL-Tools

SSL check results of smtp.web.de

NEW You can also bulk check multiple servers.

Discover if the mail servers for smtp.web.de can be reached through a secure connection.

To establish a secure connection a mail server has to offer STARTTLS (SSL), a trustworthy SSL certificate, support for the Diffie-Hellman-Algorithm to guarantee Perfect Forward Secrecy and must not be vulnerable against the Heartbleed attack. Futhermore we recommend using end-to-end encryption with GnuPG.

Summary

JSON Refresh

Report created Fri, 25 Jul 2025 14:53:36 +0000

No connection to the mailservers of smtp.web.de could be established.

Servers

Incoming Mails

These servers are responsible for incoming mails to @smtp.web.de addresses.

Hostname / IP address Priority STARTTLS Certificates Protocol
smtp.web.de
213.165.67.108
Results incomplete
10
supported
smtp.web.de
DANE
valid
PFS
supported
Heartbleed
not vulnerable
Weak ciphers
not found
  • TLSv1.2
  • SSLv3
1 s
smtp.web.de
213.165.67.124
Results incomplete
10
supported
smtp.web.de
DANE
valid
PFS
supported
Heartbleed
not vulnerable
Weak ciphers
not found
  • TLSv1.2
  • SSLv3
1 s

Outgoing Mails

We have not received any emails from a @smtp.web.de address so far. Test mail delivery

Certificates

First seen at:

CN=smtp.web.de,O=1&1 Mail & Media GmbH,L=Montabaur,ST=Rheinland-Pfalz,C=DE

Certificate chain
Subject
Country (C)
  • DE
State (ST)
  • Rheinland-Pfalz
Locality (L)
  • Montabaur
Organization (O)
  • 1&1 Mail & Media GmbH
Common Name (CN)
  • smtp.web.de
Alternative Names
  • smtp.web.de
  • pop3.web.de
  • imap.web.de
Issuer
Country (C)
  • DE
Organization (O)
  • Deutsche Telekom Security GmbH
Common Name (CN)
  • Telekom Security ServerID OV Class 2 CA
validity period
Not valid before
2025-01-20
Not valid after
2026-01-24
This certifcate has been verified for the following usages:
  • Digital Signature
  • Key Encipherment
  • TLS Web Client Authentication
  • TLS Web Server Authentication
Fingerprints
SHA256
82:02:BF:25:7D:0C:8D:13:7D:B5:A9:92:00:C6:3D:A8:AD:3B:CE:BD:35:D3:33:A9:7C:FB:A6:D4:C0:3B:88:E3
SHA1
1C:F8:9E:33:75:F4:78:2A:8D:AF:2F:E8:06:4E:98:EC:BA:3E:B3:6C
X509v3 extensions
authorityKeyIdentifier
  • keyid:1C:05:93:B1:7F:A8:34:30:8C:52:E0:96:40:A0:72:A3:10:5D:E0:FF
subjectKeyIdentifier
  • 87:43:15:6E:6B:75:F6:1A:0F:F0:62:16:72:79:63:BA:B3:DD:8F:C7
certificatePolicies
  • Policy: 2.23.140.1.2.2
  • CPS: http://docs.serverid.telesec.de/cps/serverid.htm
crlDistributionPoints
  • Full Name:
  • URI:http://crl.serverid.telesec.de/rl/Telekom_Security_ServerID_OV_Class_2_CA.crl
authorityInfoAccess
  • OCSP - URI:http://ocsp.serverid.telesec.de/ocspr
  • CA Issuers - URI:http://crt.serverid.telesec.de/crt/Telekom_Security_ServerID_OV_Class_2_CA.crt
ct_precert_scts
  • Signed Certificate Timestamp:
  • Version : v1 (0x0)
  • Log ID : 0E:57:94:BC:F3:AE:A9:3E:33:1B:2C:99:07:B3:F7:90:
  • DF:9B:C2:3D:71:32:25:DD:21:A9:25:AC:61:C5:4E:21
  • Timestamp : Jan 20 09:09:12.797 2025 GMT
  • Extensions: none
  • Signature : ecdsa-with-SHA256
  • 30:46:02:21:00:FA:B4:7E:48:BD:01:A0:DC:EF:FF:5C:
  • 64:93:A8:D8:08:77:71:2D:FB:DD:E3:2C:29:F1:13:6C:
  • E0:A5:BB:7D:AA:02:21:00:DC:13:6E:6E:14:F9:FB:03:
  • B5:15:1B:10:2C:37:7C:EB:22:3D:8D:41:C6:44:61:FF:
  • 9B:65:4E:D0:03:5E:50:B3
  • Signed Certificate Timestamp:
  • Version : v1 (0x0)
  • Log ID : 96:97:64:BF:55:58:97:AD:F7:43:87:68:37:08:42:77:
  • E9:F0:3A:D5:F6:A4:F3:36:6E:46:A4:3F:0F:CA:A9:C6
  • Timestamp : Jan 20 09:09:12.326 2025 GMT
  • Extensions: none
  • Signature : ecdsa-with-SHA256
  • 30:44:02:20:60:21:C8:1C:9E:F9:1B:48:53:6F:A3:AA:
  • 37:DD:15:C2:53:09:A5:8B:28:50:08:9F:32:5C:DB:1D:
  • 49:55:E3:EB:02:20:02:D0:E4:A1:9E:B1:1B:74:FC:0F:
  • 06:E8:58:EC:16:D8:28:43:AC:9B:69:D8:94:8E:7F:95:
  • FA:89:01:F6:5F:5B
  • Signed Certificate Timestamp:
  • Version : v1 (0x0)
  • Log ID : 19:86:D4:C7:28:AA:6F:FE:BA:03:6F:78:2A:4D:01:91:
  • AA:CE:2D:72:31:0F:AE:CE:5D:70:41:2D:25:4C:C7:D4
  • Timestamp : Jan 20 09:09:12.555 2025 GMT
  • Extensions: none
  • Signature : ecdsa-with-SHA256
  • 30:44:02:20:01:0D:91:72:31:2F:4A:72:60:13:D4:2F:
  • 70:D2:90:AB:E3:D7:B5:7C:57:02:E5:36:97:79:79:02:
  • C8:F3:A5:B4:02:20:13:3B:B9:CC:94:88:79:11:4A:29:
  • C3:10:C0:CF:86:C0:3D:28:B1:75:BD:6A:1E:A0:F6:AC:
  • 4E:E4:88:49:79:65
  • Signed Certificate Timestamp:
  • Version : v1 (0x0)
  • Log ID : 49:9C:9B:69:DE:1D:7C:EC:FC:36:DE:CD:87:64:A6:B8:
  • 5B:AF:0A:87:80:19:D1:55:52:FB:E9:EB:29:DD:F8:C3
  • Timestamp : Jan 20 09:09:12.547 2025 GMT
  • Extensions: none
  • Signature : ecdsa-with-SHA256
  • 30:44:02:20:70:5D:C6:22:A8:96:6B:C2:63:5C:77:86:
  • CA:92:42:5D:54:63:F3:6D:03:B5:2D:B3:B6:6B:05:1E:
  • E9:0C:6E:4A:02:20:71:1E:10:54:7F:52:C7:D9:32:C7:
  • 4A:ED:FF:86:09:82:35:61:D6:AF:FC:D8:29:6D:85:48:
  • 79:A5:58:B0:56:95
  • Signed Certificate Timestamp:
  • Version : v1 (0x0)
  • Log ID : 64:11:C4:6C:A4:12:EC:A7:89:1C:A2:02:2E:00:BC:AB:
  • 4F:28:07:D4:1E:35:27:AB:EA:FE:D5:03:C9:7D:CD:F0
  • Timestamp : Jan 20 09:09:12.698 2025 GMT
  • Extensions: none
  • Signature : ecdsa-with-SHA256
  • 30:46:02:21:00:EB:5F:D0:5D:BB:F5:4A:3C:CD:F1:E9:
  • 05:D0:18:76:D3:D2:B1:33:9D:67:4B:40:FF:61:02:2A:
  • A4:F8:CF:76:E7:02:21:00:F5:9B:5F:3B:AF:25:20:3B:
  • 6B:44:14:39:D6:33:0E:B8:D3:D9:19:4A:EC:9F:75:FF:
  • D2:F5:3B:B3:FF:B5:5B:1D

DANE

DNS-based Authentication of Named Entities (DANE) is a protocol to allow X.509 certificates to be bound to DNS using TLSA records and DNSSEC.

Name Options DNSSEC Matches
_25._tcp.smtp.web.de
  • DANE-EE: Domain Issued Certificate
  • Use subject public key
  • SHA-256 Hash
valid
valid