SSL check results of mailbox.org

NEW You can also bulk check multiple servers.

Discover if the mail servers for mailbox.org can be reached through a secure connection.

To establish a secure connection a mail server has to offer STARTTLS (SSL), a trustworthy SSL certificate, support for the Diffie-Hellman-Algorithm to guarantee Perfect Forward Secrecy and must not be vulnerable against the Heartbleed attack. Futhermore we recommend using end-to-end encryption with GnuPG.

Summary

Report created Wed, 02 Jul 2025 00:30:28 +0000

The mailservers of mailbox.org can be reached through a secure connection.

Servers

Incoming Mails

These servers are responsible for incoming mails to @mailbox.org addresses.

Hostname / IP address Priority STARTTLS Certificates Protocol
mx2.mailbox.org
2001:67c:2050:104::2:25:1
10
supported
*.mailbox.org
DANE
valid
PFS
supported
Heartbleed
not vulnerable
Weak ciphers
not found
  • TLSv1.2
  • TLSv1.1
  • TLSv1.0
  • SSLv3
2 s
mx2.mailbox.org
80.241.60.215
10
supported
*.mailbox.org
DANE
valid
PFS
supported
Heartbleed
not vulnerable
Weak ciphers
not found
  • TLSv1.2
  • TLSv1.1
  • TLSv1.0
  • SSLv3
1 s
mx1.mailbox.org
2001:67c:2050:104::1:25:1
10
supported
*.mailbox.org
DANE
valid
PFS
supported
Heartbleed
not vulnerable
Weak ciphers
not found
  • TLSv1.2
  • TLSv1.1
  • TLSv1.0
  • SSLv3
2 s
mx1.mailbox.org
80.241.60.212
10
supported
*.mailbox.org
DANE
valid
PFS
supported
Heartbleed
not vulnerable
Weak ciphers
not found
  • TLSv1.2
  • TLSv1.1
  • TLSv1.0
  • SSLv3
1 s
mx3.mailbox.org
2001:67c:2050:104::3:25:1
20
supported
*.mailbox.org
DANE
valid
PFS
supported
Heartbleed
not vulnerable
Weak ciphers
not found
  • TLSv1.2
  • TLSv1.1
  • TLSv1.0
  • SSLv3
2 s
mx3.mailbox.org
80.241.60.216
20
supported
*.mailbox.org
DANE
valid
PFS
supported
Heartbleed
not vulnerable
Weak ciphers
not found
  • TLSv1.2
  • TLSv1.1
  • TLSv1.0
  • SSLv3
1 s
mx-n.mailbox.org
2001:67c:2050:104::ffff:25:1
Results incomplete
50 not checked
DANE
errors
PFS
not checked
Heartbleed
not checked
Weak ciphers
not checked
4 s
mx-n.mailbox.org
91.198.250.17
Results incomplete
50 not checked
DANE
errors
PFS
not checked
Heartbleed
not checked
Weak ciphers
not checked
11 s

Outgoing Mails

We have received emails from these servers with @mailbox.org sender addresses. Test mail delivery

Host TLS Version & Cipher
mout-p-102.mailbox.org (80.241.56.152)
TLSv1.3 TLS_AES_256_GCM_SHA384
mout-p-201.mailbox.org (IPv6:2001:67c:2050::465:201)
TLSv1.3 TLS_AES_256_GCM_SHA384
mout-p-202.mailbox.org (IPv6:2001:67c:2050::465:202)
TLSv1.3 TLS_AES_256_GCM_SHA384
mout-p-102.mailbox.org (IPv6:2001:67c:2050::465:102)
TLSv1.3 TLS_AES_256_GCM_SHA384
mout-p-103.mailbox.org (80.241.56.161)
TLSv1.3 TLS_AES_256_GCM_SHA384
mout-y-111.mailbox.org (91.198.250.236)
TLSv1.3 TLS_AES_256_GCM_SHA384
mout-p-101.mailbox.org (80.241.56.151)
TLSv1.3 TLS_AES_256_GCM_SHA384
mout-y-209.mailbox.org (91.198.250.237)
TLSv1.3 TLS_AES_256_GCM_SHA384
mout-s-207.mailbox.org (80.241.60.6)
TLSv1.3 TLS_AES_256_GCM_SHA384
mout-s-108.mailbox.org (IPv6:2001:67c:2050:1::465:1108)
TLSv1.3 TLS_AES_256_GCM_SHA384
mout-s-207.mailbox.org (IPv6:2001:67c:2050:1::465:2207)
TLSv1.3 TLS_AES_256_GCM_SHA384
mout-p-202.mailbox.org (80.241.56.172)
TLSv1.3 TLS_AES_256_GCM_SHA384
mout-s-108.mailbox.org (80.241.60.2)
TLSv1.3 TLS_AES_256_GCM_SHA384
mout-u-107.mailbox.org (IPv6:2001:67c:2050:1::465:107)
TLSv1.3 TLS_AES_256_GCM_SHA384
mout-u-204.mailbox.org (91.198.250.253)
TLSv1.3 TLS_AES_256_GCM_SHA384
mout-u-107.mailbox.org (91.198.250.252)
TLSv1.2 ECDHE-RSA-CHACHA20-POLY1305
mout-y-209.mailbox.org (IPv6:2001:67c:2050:1::465:209)
TLSv1.2 ECDHE-RSA-CHACHA20-POLY1305
mout-p-103.mailbox.org (IPv6:2001:67c:2050::465:103)
TLSv1.2 ECDHE-RSA-CHACHA20-POLY1305

Certificates

First seen at:

CN=*.mailbox.org

Certificate chain
Subject
Common Name (CN)
  • *.mailbox.org
Alternative Names
  • *.mailbox.org
  • mailbox.org
Issuer
Country (C)
  • US
Organization (O)
  • DigiCert Inc
Organizational Unit (OU)
  • www.digicert.com
Common Name (CN)
  • Thawte TLS RSA CA G1
validity period
Not valid before
2025-05-13
Not valid after
2026-06-10
This certifcate has been verified for the following usages:
  • Digital Signature
  • Key Encipherment
  • TLS Web Server Authentication
  • TLS Web Client Authentication
Fingerprints
SHA256
68:A2:7F:14:D4:D6:48:5F:4E:7B:A2:22:AA:AF:62:97:C2:49:74:EE:64:6F:19:ED:AC:8C:99:43:DC:F5:13:82
SHA1
E1:A4:6D:CB:6A:A1:1F:19:10:54:9E:18:62:FB:F7:B7:7D:E2:DE:0B
X509v3 extensions
authorityKeyIdentifier
  • keyid:A5:8C:FE:32:CC:EB:0F:2C:D4:19:C6:08:B8:00:24:88:5D:C3:C5:B7
subjectKeyIdentifier
  • 67:75:75:39:E5:87:FF:BB:FA:13:96:E9:08:A1:B5:55:C8:61:AA:08
certificatePolicies
  • Policy: 2.23.140.1.2.1
  • CPS: http://www.digicert.com/CPS
crlDistributionPoints
  • Full Name:
  • URI:http://cdp.thawte.com/ThawteTLSRSACAG1.crl
authorityInfoAccess
  • OCSP - URI:http://status.thawte.com
  • CA Issuers - URI:http://cacerts.thawte.com/ThawteTLSRSACAG1.crt
ct_precert_scts
  • Signed Certificate Timestamp:
  • Version : v1 (0x0)
  • Log ID : 0E:57:94:BC:F3:AE:A9:3E:33:1B:2C:99:07:B3:F7:90:
  • DF:9B:C2:3D:71:32:25:DD:21:A9:25:AC:61:C5:4E:21
  • Timestamp : May 13 09:30:29.091 2025 GMT
  • Extensions: none
  • Signature : ecdsa-with-SHA256
  • 30:45:02:20:42:7C:76:F4:61:A7:D7:AC:56:39:3D:70:
  • 1D:29:FD:EA:85:70:9A:48:F0:33:23:57:B9:21:1E:78:
  • ED:01:9D:8D:02:21:00:CA:32:D1:3E:1F:35:0A:72:89:
  • 91:42:1C:57:23:60:BE:9A:0F:F6:84:A2:85:81:20:1A:
  • 67:1F:3B:2D:88:47:CD
  • Signed Certificate Timestamp:
  • Version : v1 (0x0)
  • Log ID : 64:11:C4:6C:A4:12:EC:A7:89:1C:A2:02:2E:00:BC:AB:
  • 4F:28:07:D4:1E:35:27:AB:EA:FE:D5:03:C9:7D:CD:F0
  • Timestamp : May 13 09:30:29.002 2025 GMT
  • Extensions: none
  • Signature : ecdsa-with-SHA256
  • 30:46:02:21:00:EA:C8:8F:A6:25:5D:34:CB:3B:C6:C8:
  • 46:AF:77:BC:3B:3A:46:BE:82:02:48:85:5F:48:2A:AC:
  • BD:FD:4B:3D:6A:02:21:00:F0:17:97:87:20:D4:9B:43:
  • BD:E6:EE:C3:4F:EC:68:20:3D:40:EB:9C:E6:E1:1D:F0:
  • 0A:4B:50:F3:B5:DD:5C:0C
  • Signed Certificate Timestamp:
  • Version : v1 (0x0)
  • Log ID : 49:9C:9B:69:DE:1D:7C:EC:FC:36:DE:CD:87:64:A6:B8:
  • 5B:AF:0A:87:80:19:D1:55:52:FB:E9:EB:29:DD:F8:C3
  • Timestamp : May 13 09:30:29.024 2025 GMT
  • Extensions: none
  • Signature : ecdsa-with-SHA256
  • 30:44:02:20:23:18:C0:DA:9B:36:26:B4:61:36:1B:4A:
  • CE:99:83:15:3E:0F:C1:54:3D:D3:92:53:D4:7E:86:B7:
  • 2D:89:70:58:02:20:1E:87:AF:81:95:5D:53:51:3D:4C:
  • 62:30:DF:1B:86:54:F0:B1:75:DD:89:21:44:81:FE:45:
  • B2:47:76:81:90:E8

DANE

DNS-based Authentication of Named Entities (DANE) is a protocol to allow X.509 certificates to be bound to DNS using TLSA records and DNSSEC.

Name Options DNSSEC Matches
_25._tcp.mx-n.mailbox.org
  • DANE-EE: Domain Issued Certificate
  • Use subject public key
  • SHA-256 Hash
valid
_25._tcp.mx-n.mailbox.org
  • DANE-EE: Domain Issued Certificate
  • Use subject public key
  • SHA-256 Hash
valid
_25._tcp.mx2.mailbox.org
  • DANE-EE: Domain Issued Certificate
  • Use subject public key
  • SHA-256 Hash
valid
valid
_25._tcp.mx1.mailbox.org
  • DANE-EE: Domain Issued Certificate
  • Use subject public key
  • SHA-256 Hash
valid
valid
_25._tcp.mx3.mailbox.org
  • DANE-EE: Domain Issued Certificate
  • Use subject public key
  • SHA-256 Hash
valid
valid