SSL check results of gmx.de

NEW You can also bulk check multiple servers.

Discover if the mail servers for gmx.de can be reached through a secure connection.

To establish a secure connection a mail server has to offer STARTTLS (SSL), a trustworthy SSL certificate, support for the Diffie-Hellman-Algorithm to guarantee Perfect Forward Secrecy and must not be vulnerable against the Heartbleed attack. Futhermore we recommend using end-to-end encryption with GnuPG.

Summary

Report created Sat, 31 May 2025 16:34:36 +0000

No connection to the mailservers of gmx.de could be established.

Servers

Incoming Mails

These servers are responsible for incoming mails to @gmx.de addresses.

Hostname / IP address Priority STARTTLS Certificates Protocol
mx00.emig.gmx.net
212.227.15.9
Results incomplete
10
supported
mx.gmx.net
DANE
valid
PFS
supported
Heartbleed
not vulnerable
Weak ciphers
not found
  • TLSv1.2
  • SSLv3
1 s
mx01.emig.gmx.net
212.227.17.5
Results incomplete
10
supported
mx.gmx.net
DANE
valid
PFS
supported
Heartbleed
not vulnerable
Weak ciphers
not found
  • TLSv1.2
  • SSLv3
1 s

Outgoing Mails

We have received emails from these servers with @gmx.de sender addresses. Test mail delivery

Host TLS Version & Cipher
mo4-p05-ob.smtp.rzone.de (81.169.146.183)
TLSv1.3 TLS_AES_256_GCM_SHA384
mout-xforward.gmx.net (82.165.159.40)
TLSv1.3 TLS_AES_256_GCM_SHA384
o134.p8.mailjet.com (87.253.233.134)
TLSv1.3 TLS_AES_128_GCM_SHA256
mout.gmx.net (212.227.17.20)
TLSv1.3 TLS_AES_256_GCM_SHA384
mout.gmx.net (212.227.17.21)
TLSv1.3 TLS_AES_256_GCM_SHA384
mout.gmx.net (212.227.17.22)
TLSv1.3 TLS_AES_256_GCM_SHA384
mout.gmx.net (212.227.15.19)
TLSv1.3 TLS_AES_256_GCM_SHA384
mout.gmx.net (212.227.15.18)
TLSv1.3 TLS_AES_256_GCM_SHA384
mout.gmx.net (212.227.15.15)
TLSv1.3 TLS_AES_256_GCM_SHA384

Certificates

First seen at:

CN=mx.gmx.net,O=1&1 Mail & Media GmbH,L=Montabaur,ST=Rheinland-Pfalz,C=DE

Certificate chain
Subject
Country (C)
  • DE
State (ST)
  • Rheinland-Pfalz
Locality (L)
  • Montabaur
Organization (O)
  • 1&1 Mail & Media GmbH
Common Name (CN)
  • mx.gmx.net
Alternative Names
  • mx.gmx.net
  • mx00.gmx.net
  • mx01.gmx.net
  • mx00.emig.gmx.net
  • mx01.emig.gmx.net
  • dhmx01.emig.gmx.net
  • dhmx02.emig.gmx.net
Issuer
Country (C)
  • DE
Organization (O)
  • Deutsche Telekom Security GmbH
Common Name (CN)
  • Telekom Security ServerID OV Class 2 CA
validity period
Not valid before
2025-02-19
Not valid after
2026-02-23
This certifcate has been verified for the following usages:
  • Digital Signature
  • Key Encipherment
  • TLS Web Client Authentication
  • TLS Web Server Authentication
Fingerprints
SHA256
41:42:83:2D:20:DB:F9:FE:0E:E4:B4:34:FF:6C:8B:29:0C:49:34:23:D3:9E:DB:A3:2C:42:25:52:C4:8E:39:C5
SHA1
7A:C4:85:D3:C6:CD:DB:F5:79:FE:AC:4E:E2:DF:A5:4D:DE:AC:69:AE
X509v3 extensions
authorityKeyIdentifier
  • keyid:1C:05:93:B1:7F:A8:34:30:8C:52:E0:96:40:A0:72:A3:10:5D:E0:FF
subjectKeyIdentifier
  • EF:10:FA:48:4C:8E:E6:4A:E4:03:39:1E:49:2A:33:18:F1:C3:FF:6B
certificatePolicies
  • Policy: 2.23.140.1.2.2
  • CPS: http://docs.serverid.telesec.de/cps/serverid.htm
crlDistributionPoints
  • Full Name:
  • URI:http://crl.serverid.telesec.de/rl/Telekom_Security_ServerID_OV_Class_2_CA.crl
authorityInfoAccess
  • OCSP - URI:http://ocsp.serverid.telesec.de/ocspr
  • CA Issuers - URI:http://crt.serverid.telesec.de/crt/Telekom_Security_ServerID_OV_Class_2_CA.crt
ct_precert_scts
  • Signed Certificate Timestamp:
  • Version : v1 (0x0)
  • Log ID : 0E:57:94:BC:F3:AE:A9:3E:33:1B:2C:99:07:B3:F7:90:
  • DF:9B:C2:3D:71:32:25:DD:21:A9:25:AC:61:C5:4E:21
  • Timestamp : Feb 19 07:09:11.355 2025 GMT
  • Extensions: none
  • Signature : ecdsa-with-SHA256
  • 30:45:02:20:46:20:A8:C3:5A:BE:52:A9:33:20:94:01:
  • 07:52:18:4D:71:CB:20:E1:70:50:BB:66:AB:F7:80:65:
  • C5:88:A8:42:02:21:00:E7:9E:43:3D:32:DF:AC:F5:2B:
  • B1:CD:73:48:5D:38:1D:CD:E5:36:06:B1:CD:7B:A7:00:
  • DE:E4:B3:14:AC:44:C2
  • Signed Certificate Timestamp:
  • Version : v1 (0x0)
  • Log ID : 96:97:64:BF:55:58:97:AD:F7:43:87:68:37:08:42:77:
  • E9:F0:3A:D5:F6:A4:F3:36:6E:46:A4:3F:0F:CA:A9:C6
  • Timestamp : Feb 19 07:09:11.456 2025 GMT
  • Extensions: none
  • Signature : ecdsa-with-SHA256
  • 30:46:02:21:00:FE:E0:EB:F6:6C:74:2F:C0:59:84:59:
  • E5:B2:BC:87:90:3E:1D:CA:5E:46:A6:90:A2:FF:65:3A:
  • 7B:16:BA:29:20:02:21:00:99:23:67:F3:3B:54:72:06:
  • CE:22:47:2C:85:D0:2C:23:71:59:36:53:06:40:CC:98:
  • CE:B8:6A:F5:99:CE:AB:30
  • Signed Certificate Timestamp:
  • Version : v1 (0x0)
  • Log ID : 19:86:D4:C7:28:AA:6F:FE:BA:03:6F:78:2A:4D:01:91:
  • AA:CE:2D:72:31:0F:AE:CE:5D:70:41:2D:25:4C:C7:D4
  • Timestamp : Feb 19 07:09:11.316 2025 GMT
  • Extensions: none
  • Signature : ecdsa-with-SHA256
  • 30:45:02:21:00:8C:D8:8A:E0:17:06:61:51:6B:2D:F7:
  • DE:84:84:0F:64:E3:76:C3:5D:67:B2:59:FD:68:26:F2:
  • A0:BE:F2:D7:D1:02:20:29:15:89:CA:9A:5B:50:DA:95:
  • BF:B7:31:C2:57:00:9B:80:E6:C9:62:DD:C9:20:BC:4C:
  • D6:51:E9:A6:E7:39:A5
  • Signed Certificate Timestamp:
  • Version : v1 (0x0)
  • Log ID : 49:9C:9B:69:DE:1D:7C:EC:FC:36:DE:CD:87:64:A6:B8:
  • 5B:AF:0A:87:80:19:D1:55:52:FB:E9:EB:29:DD:F8:C3
  • Timestamp : Feb 19 07:09:11.228 2025 GMT
  • Extensions: none
  • Signature : ecdsa-with-SHA256
  • 30:44:02:20:3F:C8:2B:18:50:8E:0E:F8:64:1D:14:11:
  • 77:20:A6:3D:F5:8A:59:35:E5:8B:B2:2B:6C:EA:42:B5:
  • 4C:F1:BF:0A:02:20:53:A7:C1:1A:BC:AC:91:6B:42:3C:
  • 0C:E7:64:56:AA:D1:26:93:AC:79:7B:85:70:EC:56:ED:
  • 2D:37:17:02:08:44
  • Signed Certificate Timestamp:
  • Version : v1 (0x0)
  • Log ID : 64:11:C4:6C:A4:12:EC:A7:89:1C:A2:02:2E:00:BC:AB:
  • 4F:28:07:D4:1E:35:27:AB:EA:FE:D5:03:C9:7D:CD:F0
  • Timestamp : Feb 19 07:09:11.404 2025 GMT
  • Extensions: none
  • Signature : ecdsa-with-SHA256
  • 30:45:02:20:3C:5D:A4:8B:6E:57:90:FB:EB:82:78:0D:
  • DD:1B:9D:02:9E:70:FD:C7:BE:64:CC:B5:63:8A:E7:94:
  • 11:C7:21:30:02:21:00:CA:4F:2C:00:12:E3:3E:93:24:
  • 30:F0:9D:0B:77:E2:6A:5F:6C:3C:14:65:31:63:3E:07:
  • 0B:4E:BA:D4:98:90:03

DANE

DNS-based Authentication of Named Entities (DANE) is a protocol to allow X.509 certificates to be bound to DNS using TLSA records and DNSSEC.

Name Options DNSSEC Matches
_25._tcp.mx00.emig.gmx.net
  • DANE-EE: Domain Issued Certificate
  • Use subject public key
  • SHA-256 Hash
valid
valid
_25._tcp.mx01.emig.gmx.net
  • DANE-EE: Domain Issued Certificate
  • Use subject public key
  • SHA-256 Hash
valid
valid