SSL-Tools

SSL check results of mailbox.org

NEW You can also bulk check multiple servers.

Discover if the mail servers for mailbox.org can be reached through a secure connection.

To establish a secure connection a mail server has to offer STARTTLS (SSL), a trustworthy SSL certificate, support for the Diffie-Hellman-Algorithm to guarantee Perfect Forward Secrecy and must not be vulnerable against the Heartbleed attack. Futhermore we recommend using end-to-end encryption with GnuPG.

Summary

JSON Refresh

Report created Sat, 10 May 2025 14:06:28 +0000

The mailservers of mailbox.org can be reached through a secure connection.

Servers

Incoming Mails

These servers are responsible for incoming mails to @mailbox.org addresses.

Hostname / IP address Priority STARTTLS Certificates Protocol
mx1.mailbox.org
2001:67c:2050:104::1:25:1
 10
supported
*.mailbox.org
DANE
valid
PFS
supported
Heartbleed
not vulnerable
Weak ciphers
not found
  • TLSv1.2
  • TLSv1.1
  • TLSv1.0
  • SSLv3
2 s
mx1.mailbox.org
80.241.60.212
 10
supported
*.mailbox.org
DANE
valid
PFS
supported
Heartbleed
not vulnerable
Weak ciphers
not found
  • TLSv1.2
  • TLSv1.1
  • TLSv1.0
  • SSLv3
2 s
mx2.mailbox.org
2001:67c:2050:104::2:25:1
 10
supported
*.mailbox.org
DANE
valid
PFS
supported
Heartbleed
not vulnerable
Weak ciphers
not found
  • TLSv1.2
  • TLSv1.1
  • TLSv1.0
  • SSLv3
2 s
mx2.mailbox.org
80.241.60.215
 10
supported
*.mailbox.org
DANE
valid
PFS
supported
Heartbleed
not vulnerable
Weak ciphers
not found
  • TLSv1.2
  • TLSv1.1
  • TLSv1.0
  • SSLv3
2 s
mx3.mailbox.org
2001:67c:2050:104::3:25:1
 20
supported
*.mailbox.org
DANE
valid
PFS
supported
Heartbleed
not vulnerable
Weak ciphers
not found
  • TLSv1.2
  • TLSv1.1
  • TLSv1.0
  • SSLv3
2 s
mx3.mailbox.org
80.241.60.216
 20
supported
*.mailbox.org
DANE
valid
PFS
supported
Heartbleed
not vulnerable
Weak ciphers
not found
  • TLSv1.2
  • TLSv1.1
  • TLSv1.0
  • SSLv3
2 s
mx-n.mailbox.org
2001:67c:2050:104::ffff:25:1
Results incomplete
50 not checked
DANE
errors
PFS
not checked
Heartbleed
not checked
Weak ciphers
not checked
4 s
mx-n.mailbox.org
91.198.250.17
Results incomplete
50 not checked
DANE
errors
PFS
not checked
Heartbleed
not checked
Weak ciphers
not checked
11 s

Outgoing Mails

We have received emails from these servers with @mailbox.org sender addresses. Test mail delivery

Host TLS Version & Cipher
mout-p-102.mailbox.org (80.241.56.152)
TLSv1.3 TLS_AES_256_GCM_SHA384
mout-p-201.mailbox.org (IPv6:2001:67c:2050::465:201)
TLSv1.3 TLS_AES_256_GCM_SHA384
mout-p-202.mailbox.org (IPv6:2001:67c:2050::465:202)
TLSv1.3 TLS_AES_256_GCM_SHA384
mout-p-102.mailbox.org (IPv6:2001:67c:2050::465:102)
TLSv1.3 TLS_AES_256_GCM_SHA384
mout-p-103.mailbox.org (80.241.56.161)
TLSv1.3 TLS_AES_256_GCM_SHA384
mout-y-111.mailbox.org (91.198.250.236)
TLSv1.3 TLS_AES_256_GCM_SHA384
mout-p-101.mailbox.org (80.241.56.151)
TLSv1.3 TLS_AES_256_GCM_SHA384
mout-y-209.mailbox.org (91.198.250.237)
TLSv1.3 TLS_AES_256_GCM_SHA384
mout-s-207.mailbox.org (80.241.60.6)
TLSv1.3 TLS_AES_256_GCM_SHA384
mout-s-108.mailbox.org (IPv6:2001:67c:2050:1::465:1108)
TLSv1.3 TLS_AES_256_GCM_SHA384
mout-s-207.mailbox.org (IPv6:2001:67c:2050:1::465:2207)
TLSv1.3 TLS_AES_256_GCM_SHA384
mout-p-202.mailbox.org (80.241.56.172)
TLSv1.3 TLS_AES_256_GCM_SHA384
mout-s-108.mailbox.org (80.241.60.2)
TLSv1.3 TLS_AES_256_GCM_SHA384
mout-u-107.mailbox.org (IPv6:2001:67c:2050:1::465:107)
TLSv1.3 TLS_AES_256_GCM_SHA384
mout-u-204.mailbox.org (91.198.250.253)
TLSv1.3 TLS_AES_256_GCM_SHA384
mout-u-107.mailbox.org (91.198.250.252)
TLSv1.2 ECDHE-RSA-CHACHA20-POLY1305
mout-y-209.mailbox.org (IPv6:2001:67c:2050:1::465:209)
TLSv1.2 ECDHE-RSA-CHACHA20-POLY1305
mout-p-103.mailbox.org (IPv6:2001:67c:2050::465:103)
TLSv1.2 ECDHE-RSA-CHACHA20-POLY1305

Certificates

First seen at:

CN=*.mailbox.org

Certificate chain
Subject
Common Name (CN)
  • *.mailbox.org
Alternative Names
  • *.mailbox.org
  • mailbox.org
Issuer
Country (C)
  • US
Organization (O)
  • DigiCert Inc
Organizational Unit (OU)
  • www.digicert.com
Common Name (CN)
  • Thawte TLS RSA CA G1
validity period
Not valid before
2024-05-13
Not valid after
2025-06-10
This certifcate has been verified for the following usages:
  • Digital Signature
  • Key Encipherment
  • TLS Web Server Authentication
  • TLS Web Client Authentication
Fingerprints
SHA256
A8:48:50:43:DB:F1:60:96:AA:1F:C3:42:DD:29:7C:23:F5:B0:BA:AE:72:C3:BE:26:9C:98:15:C5:22:77:8D:EC
SHA1
38:D6:CF:2D:F2:2A:5C:DC:2D:92:0E:A9:46:D3:40:92:17:6E:A8:D8
X509v3 extensions
authorityKeyIdentifier
  • keyid:A5:8C:FE:32:CC:EB:0F:2C:D4:19:C6:08:B8:00:24:88:5D:C3:C5:B7
subjectKeyIdentifier
  • 67:75:75:39:E5:87:FF:BB:FA:13:96:E9:08:A1:B5:55:C8:61:AA:08
certificatePolicies
  • Policy: 2.23.140.1.2.1
  • CPS: http://www.digicert.com/CPS
crlDistributionPoints
  • Full Name:
  • URI:http://cdp.thawte.com/ThawteTLSRSACAG1.crl
authorityInfoAccess
  • OCSP - URI:http://status.thawte.com
  • CA Issuers - URI:http://cacerts.thawte.com/ThawteTLSRSACAG1.crt
ct_precert_scts
  • Signed Certificate Timestamp:
  • Version : v1 (0x0)
  • Log ID : 4E:75:A3:27:5C:9A:10:C3:38:5B:6C:D4:DF:3F:52:EB:
  • 1D:F0:E0:8E:1B:8D:69:C0:B1:FA:64:B1:62:9A:39:DF
  • Timestamp : May 13 11:37:45.162 2024 GMT
  • Extensions: none
  • Signature : ecdsa-with-SHA256
  • 30:45:02:20:11:2E:F0:B4:ED:3C:4D:4A:62:76:3F:6E:
  • B6:5F:0D:FB:0C:E8:DF:2F:8D:57:7C:B8:CE:56:AB:11:
  • 31:9B:86:C6:02:21:00:98:12:17:D6:0C:83:2E:83:75:
  • BE:97:10:66:DD:07:FC:0C:19:FD:FC:F9:F0:BF:67:CC:
  • 7E:D2:32:C6:C7:E3:21
  • Signed Certificate Timestamp:
  • Version : v1 (0x0)
  • Log ID : 7D:59:1E:12:E1:78:2A:7B:1C:61:67:7C:5E:FD:F8:D0:
  • 87:5C:14:A0:4E:95:9E:B9:03:2F:D9:0E:8C:2E:79:B8
  • Timestamp : May 13 11:37:45.073 2024 GMT
  • Extensions: none
  • Signature : ecdsa-with-SHA256
  • 30:45:02:21:00:E0:5C:4F:9B:ED:38:C5:D6:E0:79:5E:
  • 78:FE:B0:B0:85:87:13:57:04:A1:A9:A7:08:6E:65:ED:
  • E8:73:04:61:0E:02:20:3D:A7:1E:78:80:B3:C7:70:0C:
  • FE:A1:BC:6D:3E:B7:84:48:F4:6B:59:79:91:C5:9F:ED:
  • F1:0D:1F:56:C1:7A:7F
  • Signed Certificate Timestamp:
  • Version : v1 (0x0)
  • Log ID : E6:D2:31:63:40:77:8C:C1:10:41:06:D7:71:B9:CE:C1:
  • D2:40:F6:96:84:86:FB:BA:87:32:1D:FD:1E:37:8E:50
  • Timestamp : May 13 11:37:45.089 2024 GMT
  • Extensions: none
  • Signature : ecdsa-with-SHA256
  • 30:45:02:21:00:D9:A0:B3:B6:3E:28:39:F9:55:AD:F9:
  • F5:FA:BD:2E:63:CA:9B:77:FA:DF:1D:0B:3F:82:10:31:
  • CA:C4:E1:F9:FC:02:20:06:D6:5E:47:D5:45:18:AA:BB:
  • C2:DB:CD:74:A7:88:35:8E:8C:FE:13:83:A6:AB:98:91:
  • 29:11:62:93:3B:E1:4B

DANE

DNS-based Authentication of Named Entities (DANE) is a protocol to allow X.509 certificates to be bound to DNS using TLSA records and DNSSEC.

Name Options DNSSEC Matches
_25._tcp.mx1.mailbox.org
  • DANE-EE: Domain Issued Certificate
  • Use subject public key
  • SHA-256 Hash
valid
valid
_25._tcp.mx2.mailbox.org
  • DANE-EE: Domain Issued Certificate
  • Use subject public key
  • SHA-256 Hash
valid
valid
_25._tcp.mx3.mailbox.org
  • DANE-EE: Domain Issued Certificate
  • Use subject public key
  • SHA-256 Hash
valid
valid
_25._tcp.mx-n.mailbox.org
  • DANE-EE: Domain Issued Certificate
  • Use subject public key
  • SHA-256 Hash
valid
_25._tcp.mx-n.mailbox.org
  • DANE-EE: Domain Issued Certificate
  • Use subject public key
  • SHA-256 Hash
valid