Discover if the mail servers for protonmail.ch can be reached through a secure connection.
To establish a secure connection a mail server has to offer STARTTLS (SSL), a trustworthy SSL certificate, support for the Diffie-Hellman-Algorithm to guarantee Perfect Forward Secrecy and must not be vulnerable against the Heartbleed attack. Futhermore we recommend using end-to-end encryption with GnuPG.
Report created Fri, 10 Sep 2021 21:02:44 +0000
These servers are responsible for incoming mails to @protonmail.ch addresses.
| Hostname / IP address | Priority | STARTTLS | Certificates | Protocol | ||
|---|---|---|---|---|---|---|
|
mail.protonmail.ch
185.70.41.101
Results incomplete
|
5 |
supported
|
not checked |
|
7 s
|
|
|
mailsec.protonmail.ch
185.70.40.102
Results incomplete
|
10 |
supported
|
not checked |
|
6 s
|
|
|
mailsec.protonmail.ch
185.70.42.129
Results incomplete
|
10 |
supported
|
not checked |
|
6 s
|
|
|
mailsec.protonmail.ch
176.119.200.129
Results incomplete
|
10 |
supported
|
not checked |
|
7 s
|
We have received emails from these servers with @protonmail.ch sender addresses. Test mail delivery
| Host | TLS Version & Cipher | |
|---|---|---|
| mail-40138.protonmail.ch (185.70.40.138) |
TLSv1.3
TLS_AES_256_GCM_SHA384
|
|
| mail-40132.protonmail.ch (185.70.40.132) |
TLSv1.2
ECDHE-RSA-AES256-GCM-SHA384
|
|
| mail-40131.protonmail.ch (185.70.40.131) |
TLSv1.2
ECDHE-RSA-AES256-GCM-SHA384
|
|
| mail-40130.protonmail.ch (185.70.40.130) |
TLSv1.2
ECDHE-RSA-AES256-GCM-SHA384
|
No Certificates found
DNS-based Authentication of Named Entities (DANE) is a protocol to allow X.509 certificates to be bound to DNS using TLSA records and DNSSEC.
| Name | Options | DNSSEC | Matches |
|---|---|---|---|
| _25._tcp.mailsec.protonmail.ch |
|
valid
|
— |
| _25._tcp.mailsec.protonmail.ch |
|
valid
|
— |
| _25._tcp.mail.protonmail.ch |
|
valid
|
— |
| _25._tcp.mail.protonmail.ch |
|
valid
|
— |
Heartbleed