SSL-Tools

SSL check results of ok.de

NEW You can also bulk check multiple servers.

Discover if the mail servers for ok.de can be reached through a secure connection.

To establish a secure connection a mail server has to offer STARTTLS (SSL), a trustworthy SSL certificate, support for the Diffie-Hellman-Algorithm to guarantee Perfect Forward Secrecy and must not be vulnerable against the Heartbleed attack. Futhermore we recommend using end-to-end encryption with GnuPG.

Summary

JSON Refresh

Report created Sat, 05 Apr 2025 17:37:17 +0000

The mailservers of ok.de can be reached through a secure connection.

Servers

Incoming Mails

These servers are responsible for incoming mails to @ok.de addresses.

Hostname / IP address Priority STARTTLS Certificates Protocol
mx2-eu.spamexperts.com
2001:978:2:7::162:100
 10
supported
*.antispamcloud.com
DANE
missing
PFS
supported
Heartbleed
not vulnerable
Weak ciphers
not found
  • TLSv1.2
  • TLSv1.1
  • TLSv1.0
  • SSLv3
2 s
mx2-eu.spamexperts.com
149.13.75.27
 10
supported
*.antispamcloud.com
DANE
missing
PFS
supported
Heartbleed
not vulnerable
Weak ciphers
not found
  • TLSv1.2
  • TLSv1.1
  • TLSv1.0
  • SSLv3
2 s
mx1-eu.spamexperts.com
2001:978:2:19::e:100
 20
supported
*.antispamcloud.com
DANE
missing
PFS
supported
Heartbleed
not vulnerable
Weak ciphers
not found
  • TLSv1.2
  • TLSv1.1
  • TLSv1.0
  • SSLv3
3 s
mx1-eu.spamexperts.com
149.13.75.27
 20
supported
*.antispamcloud.com
DANE
missing
PFS
supported
Heartbleed
not vulnerable
Weak ciphers
not found
  • TLSv1.2
  • TLSv1.1
  • TLSv1.0
  • SSLv3
2 s
mx3-eu.spamexperts.com
2001:978:2:2c::137:100
 30
supported
*.antispamcloud.com
DANE
missing
PFS
supported
Heartbleed
not vulnerable
Weak ciphers
not found
  • TLSv1.2
  • TLSv1.1
  • TLSv1.0
  • SSLv3
3 s
mx3-eu.spamexperts.com
154.59.104.23
 30
supported
*.antispamcloud.com
DANE
missing
PFS
supported
Heartbleed
not vulnerable
Weak ciphers
not found
  • TLSv1.2
  • TLSv1.1
  • TLSv1.0
  • SSLv3
2 s
mx4-eu.spamexperts.com
2001:978:2:19::e:100
 40
supported
*.antispamcloud.com
DANE
missing
PFS
supported
Heartbleed
not vulnerable
Weak ciphers
not found
  • TLSv1.2
  • TLSv1.1
  • TLSv1.0
  • SSLv3
3 s
mx4-eu.spamexperts.com
130.117.54.106
 40
supported
*.antispamcloud.com
DANE
missing
PFS
supported
Heartbleed
not vulnerable
Weak ciphers
not found
  • TLSv1.2
  • TLSv1.1
  • TLSv1.0
  • SSLv3
3 s

Outgoing Mails

We have received emails from these servers with @ok.de sender addresses. Test mail delivery

Host TLS Version & Cipher
out1-76.antispamcloud.com (185.201.16.76)
TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384
out2-2.antispamcloud.com (185.201.17.2)
TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384
mx12-out7.antispamcloud.com (46.165.232.177)
TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384
mail1.ok.de (88.198.199.114)
TLSv1.2 AECDH-AES256-SHA

Certificates

First seen at:

CN=*.antispamcloud.com,O=N-ABLE TECHNOLOGIES LTD,L=Dundee,C=GB

Certificate chain
Subject
Country (C)
  • GB
Locality (L)
  • Dundee
Organization (O)
  • N-ABLE TECHNOLOGIES LTD
Common Name (CN)
  • *.antispamcloud.com
Alternative Names
  • *.antispamcloud.com
  • *.spamexperts.com
  • *.spamexperts.eu
  • *.spamexperts.net
  • *.mtaroutes.com
  • *.smtp.antispamcloud.com
Issuer
Country (C)
  • US
Organization (O)
  • DigiCert Inc
Common Name (CN)
  • DigiCert Global G2 TLS RSA SHA256 2020 CA1
validity period
Not valid before
2025-01-08
Not valid after
2026-01-13
This certifcate has been verified for the following usages:
  • Digital Signature
  • Key Encipherment
  • TLS Web Server Authentication
  • TLS Web Client Authentication
Fingerprints
SHA256
C8:EC:7E:6D:6E:EA:0E:D4:C0:45:15:4F:E8:D8:0D:51:61:94:88:BE:21:C5:14:A1:12:F4:7D:50:D8:62:5C:33
SHA1
97:95:57:43:F6:2C:FF:AB:3E:62:A6:3A:DF:62:D9:17:89:F8:D6:C0
X509v3 extensions
authorityKeyIdentifier
  • keyid:74:85:80:C0:66:C7:DF:37:DE:CF:BD:29:37:AA:03:1D:BE:ED:CD:17
subjectKeyIdentifier
  • 37:13:22:09:F9:A2:AA:01:DA:2E:B7:CE:00:3D:9A:F8:D9:5B:E7:BF
certificatePolicies
  • Policy: 2.23.140.1.2.2
  • CPS: http://www.digicert.com/CPS
crlDistributionPoints
  • Full Name:
  • URI:http://crl3.digicert.com/DigiCertGlobalG2TLSRSASHA2562020CA1-1.crl
  • Full Name:
  • URI:http://crl4.digicert.com/DigiCertGlobalG2TLSRSASHA2562020CA1-1.crl
authorityInfoAccess
  • OCSP - URI:http://ocsp.digicert.com
  • CA Issuers - URI:http://cacerts.digicert.com/DigiCertGlobalG2TLSRSASHA2562020CA1-1.crt
ct_precert_scts
  • Signed Certificate Timestamp:
  • Version : v1 (0x0)
  • Log ID : 0E:57:94:BC:F3:AE:A9:3E:33:1B:2C:99:07:B3:F7:90:
  • DF:9B:C2:3D:71:32:25:DD:21:A9:25:AC:61:C5:4E:21
  • Timestamp : Jan 8 11:24:21.942 2025 GMT
  • Extensions: none
  • Signature : ecdsa-with-SHA256
  • 30:45:02:21:00:89:1F:A0:90:68:80:41:1E:84:0B:FB:
  • 16:86:D2:9C:6D:F1:83:9B:B3:07:92:37:7A:F4:F6:60:
  • 90:03:DA:5A:59:02:20:37:93:42:6E:E1:D3:9D:08:38:
  • 33:38:BA:24:BC:7F:92:0A:14:9C:18:80:D3:3A:0B:05:
  • B8:BA:7B:2A:E0:F8:FB
  • Signed Certificate Timestamp:
  • Version : v1 (0x0)
  • Log ID : 64:11:C4:6C:A4:12:EC:A7:89:1C:A2:02:2E:00:BC:AB:
  • 4F:28:07:D4:1E:35:27:AB:EA:FE:D5:03:C9:7D:CD:F0
  • Timestamp : Jan 8 11:24:21.980 2025 GMT
  • Extensions: none
  • Signature : ecdsa-with-SHA256
  • 30:45:02:20:52:1D:3F:97:B3:4E:D7:3F:CA:A9:8E:B3:
  • 9D:C3:C7:E9:4E:66:0C:77:3C:36:C0:B2:21:3D:38:D1:
  • F1:B5:6F:5D:02:21:00:81:AD:0A:FB:AC:8E:65:A1:6A:
  • 53:E4:E4:33:E8:80:A3:CC:47:9A:CE:5C:DB:AB:71:4F:
  • 2D:53:72:73:BC:CD:FB
  • Signed Certificate Timestamp:
  • Version : v1 (0x0)
  • Log ID : 49:9C:9B:69:DE:1D:7C:EC:FC:36:DE:CD:87:64:A6:B8:
  • 5B:AF:0A:87:80:19:D1:55:52:FB:E9:EB:29:DD:F8:C3
  • Timestamp : Jan 8 11:24:22.000 2025 GMT
  • Extensions: none
  • Signature : ecdsa-with-SHA256
  • 30:46:02:21:00:BD:99:98:47:27:4C:E2:B6:2C:01:BA:
  • A5:65:10:25:DA:C0:FC:BA:3B:D7:6B:B2:96:DD:47:B3:
  • B1:D6:4E:B1:91:02:21:00:85:5A:F6:E7:28:DE:44:33:
  • 02:3B:B9:6A:E4:58:04:F1:5F:1D:87:58:9F:6E:75:6C:
  • CD:AA:E7:1D:50:43:E7:32