SSL-Tools

SSL check results of ok.de

NEW You can also bulk check multiple servers.

Discover if the mail servers for ok.de can be reached through a secure connection.

To establish a secure connection a mail server has to offer STARTTLS (SSL), a trustworthy SSL certificate, support for the Diffie-Hellman-Algorithm to guarantee Perfect Forward Secrecy and must not be vulnerable against the Heartbleed attack. Futhermore we recommend using end-to-end encryption with GnuPG.

Summary

JSON Refresh

Report created Sat, 22 Apr 2023 09:43:59 +0000

The mailservers of ok.de can be reached through a secure connection.

Servers

Incoming Mails

These servers are responsible for incoming mails to @ok.de addresses.

Hostname / IP address Priority STARTTLS Certificates Protocol
mx2-eu.spamexperts.com
2001:978:2:7::162:100
 10
supported
*.antispamcloud.com
DANE
missing
PFS
supported
Heartbleed
not vulnerable
Weak ciphers
not found
  • TLSv1.2
  • TLSv1.1
  • TLSv1.0
  • SSLv3
2 s
mx2-eu.spamexperts.com
149.13.75.27
 10
supported
*.antispamcloud.com
DANE
missing
PFS
supported
Heartbleed
not vulnerable
Weak ciphers
not found
  • TLSv1.2
  • TLSv1.1
  • TLSv1.0
  • SSLv3
2 s
mx1-eu.spamexperts.com
2001:978:2:7::162:100
 20
supported
*.antispamcloud.com
DANE
missing
PFS
supported
Heartbleed
not vulnerable
Weak ciphers
not found
  • TLSv1.2
  • TLSv1.1
  • TLSv1.0
  • SSLv3
2 s
mx1-eu.spamexperts.com
130.117.53.188
 20
supported
*.antispamcloud.com
DANE
missing
PFS
supported
Heartbleed
not vulnerable
Weak ciphers
not found
  • TLSv1.2
  • TLSv1.1
  • TLSv1.0
  • SSLv3
3 s
mx3-eu.spamexperts.com
2001:978:2:2c::137:100
 30
supported
*.antispamcloud.com
DANE
missing
PFS
supported
Heartbleed
not vulnerable
Weak ciphers
not found
  • TLSv1.2
  • TLSv1.1
  • TLSv1.0
  • SSLv3
2 s
mx3-eu.spamexperts.com
130.117.53.188
 30
supported
*.antispamcloud.com
DANE
missing
PFS
supported
Heartbleed
not vulnerable
Weak ciphers
not found
  • TLSv1.2
  • TLSv1.1
  • TLSv1.0
  • SSLv3
2 s
mx4-eu.spamexperts.com
2001:978:2:19::e:100
 40
supported
*.antispamcloud.com
DANE
missing
PFS
supported
Heartbleed
not vulnerable
Weak ciphers
not found
  • TLSv1.2
  • TLSv1.1
  • TLSv1.0
  • SSLv3
3 s
mx4-eu.spamexperts.com
130.117.54.106
 40
supported
*.antispamcloud.com
DANE
missing
PFS
supported
Heartbleed
not vulnerable
Weak ciphers
not found
  • TLSv1.2
  • TLSv1.1
  • TLSv1.0
  • SSLv3
3 s

Outgoing Mails

We have received emails from these servers with @ok.de sender addresses. Test mail delivery

Host TLS Version & Cipher
out1-76.antispamcloud.com (185.201.16.76)
TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384
out2-2.antispamcloud.com (185.201.17.2)
TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384
mx12-out7.antispamcloud.com (46.165.232.177)
TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384
mail1.ok.de (88.198.199.114)
TLSv1.2 AECDH-AES256-SHA

Certificates

First seen at:

CN=*.antispamcloud.com,O=N-ABLE TECHNOLOGIES LTD,L=Dundee,C=GB

Certificate chain
Subject
Country (C)
  • GB
Locality (L)
  • Dundee
Organization (O)
  • N-ABLE TECHNOLOGIES LTD
Common Name (CN)
  • *.antispamcloud.com
Alternative Names
  • *.antispamcloud.com
  • *.spamexperts.com
  • *.spamexperts.eu
  • *.spamexperts.net
  • *.mtaroutes.com
  • *.smtp.antispamcloud.com
Issuer
Country (C)
  • US
Organization (O)
  • DigiCert Inc
Common Name (CN)
  • DigiCert TLS RSA SHA256 2020 CA1
validity period
Not valid before
2022-12-21
Not valid after
2024-01-10
This certifcate has been verified for the following usages:
  • Digital Signature
  • Key Encipherment
  • TLS Web Server Authentication
  • TLS Web Client Authentication
Fingerprints
SHA256
CB:47:C1:02:28:74:22:A3:B7:A3:74:BB:FF:A6:D2:D8:4F:8C:C9:A0:C6:A4:4E:1C:02:4B:D8:34:F9:0C:B7:D6
SHA1
49:38:BB:6F:E5:F9:22:20:D8:D2:2D:FE:76:E9:85:B7:8F:48:EE:85
X509v3 extensions
authorityKeyIdentifier
  • keyid:B7:6B:A2:EA:A8:AA:84:8C:79:EA:B4:DA:0F:98:B2:C5:95:76:B9:F4
subjectKeyIdentifier
  • 55:A9:FF:78:C4:15:74:A2:05:8A:4E:5C:9E:CA:E6:BF:A9:21:B7:5A
crlDistributionPoints
  • Full Name:
  • URI:http://crl3.digicert.com/DigiCertTLSRSASHA2562020CA1-4.crl
  • Full Name:
  • URI:http://crl4.digicert.com/DigiCertTLSRSASHA2562020CA1-4.crl
certificatePolicies
  • Policy: 2.23.140.1.2.2
  • CPS: http://www.digicert.com/CPS
authorityInfoAccess
  • OCSP - URI:http://ocsp.digicert.com
  • CA Issuers - URI:http://cacerts.digicert.com/DigiCertTLSRSASHA2562020CA1-1.crt
ct_precert_scts
  • Signed Certificate Timestamp:
  • Version : v1 (0x0)
  • Log ID : EE:CD:D0:64:D5:DB:1A:CE:C5:5C:B7:9D:B4:CD:13:A2:
  • 32:87:46:7C:BC:EC:DE:C3:51:48:59:46:71:1F:B5:9B
  • Timestamp : Dec 21 15:40:26.147 2022 GMT
  • Extensions: none
  • Signature : ecdsa-with-SHA256
  • 30:45:02:20:2B:A4:16:CE:D3:C5:46:88:D7:EC:C4:E7:
  • F5:8F:BD:C0:3C:9D:25:D6:63:54:68:1B:71:D0:04:68:
  • 08:8B:98:96:02:21:00:D3:B0:ED:FF:3E:B9:5A:54:20:
  • 15:47:C2:0C:59:D5:9C:92:7B:48:98:BC:2F:45:06:EC:
  • 85:15:9D:BF:7F:60:F0
  • Signed Certificate Timestamp:
  • Version : v1 (0x0)
  • Log ID : 48:B0:E3:6B:DA:A6:47:34:0F:E5:6A:02:FA:9D:30:EB:
  • 1C:52:01:CB:56:DD:2C:81:D9:BB:BF:AB:39:D8:84:73
  • Timestamp : Dec 21 15:40:26.143 2022 GMT
  • Extensions: none
  • Signature : ecdsa-with-SHA256
  • 30:46:02:21:00:B4:3F:9E:E8:A3:88:02:53:25:17:FB:
  • 60:4C:51:F8:4C:5A:81:C7:99:1C:D4:2D:B5:FB:9E:65:
  • 77:6D:37:62:7C:02:21:00:9E:0D:40:73:FD:D6:92:F1:
  • 21:6F:65:3C:2B:D5:95:7F:0F:28:E2:AC:EF:26:D8:8A:
  • 94:A7:83:76:C0:D1:E1:EC
  • Signed Certificate Timestamp:
  • Version : v1 (0x0)
  • Log ID : 3B:53:77:75:3E:2D:B9:80:4E:8B:30:5B:06:FE:40:3B:
  • 67:D8:4F:C3:F4:C7:BD:00:0D:2D:72:6F:E1:FA:D4:17
  • Timestamp : Dec 21 15:40:26.162 2022 GMT
  • Extensions: none
  • Signature : ecdsa-with-SHA256
  • 30:46:02:21:00:A1:DB:F1:15:D1:31:54:63:C9:22:24:
  • 8D:A0:55:0C:F0:B3:23:E3:5F:1E:73:83:FF:BE:A0:67:
  • CF:E9:52:9E:0F:02:21:00:EB:22:62:BF:80:AF:EA:BA:
  • F6:A2:F1:89:AE:B3:A3:99:B7:0C:4D:1C:FD:23:5A:17:
  • CE:D8:57:A6:42:70:F6:55