SSL-Tools

SSL check results of sanford.pro

NEW You can also bulk check multiple servers.

Discover if the mail servers for sanford.pro can be reached through a secure connection.

To establish a secure connection a mail server has to offer STARTTLS (SSL), a trustworthy SSL certificate, support for the Diffie-Hellman-Algorithm to guarantee Perfect Forward Secrecy and must not be vulnerable against the Heartbleed attack. Futhermore we recommend using end-to-end encryption with GnuPG.

Summary

JSON Refresh

Report created Wed, 03 Jun 2026 14:11:21 +0000

The mailservers of sanford.pro can be reached through a secure connection.

Servers

Incoming Mails

These servers are responsible for incoming mails to @sanford.pro addresses.

Hostname / IP address Priority STARTTLS Certificates Protocol
mail.sanford.pro
2604:a880:400:d0::1afe:d001
 10
supported
mail.sanford.pro
DANE
valid
PFS
supported
Heartbleed
not vulnerable
Weak ciphers
not found
  • TLSv1.2
  • SSLv3
5 s
mail.sanford.pro
198.199.80.221
 10
supported
mail.sanford.pro
DANE
valid
PFS
supported
Heartbleed
not vulnerable
Weak ciphers
not found
  • TLSv1.2
  • SSLv3
5 s

Outgoing Mails

We have not received any emails from a @sanford.pro address so far. Test mail delivery

Certificates

First seen at:

CN=mail.sanford.pro

Certificate chain
  • mail.sanford.pro
    • remaining
    • 384 bit
    • ecdsa-with-SHA384
      • E7
        • remaining
        • 384 bit
        • sha256WithRSAEncryption
          • ISRG Root X1 (Certificate is self-signed.)
            • remaining
            • 4096 bit
            • sha256WithRSAEncryption
Subject
Common Name (CN)
  • mail.sanford.pro
Alternative Names
  • mail.sanford.pro
Issuer
Country (C)
  • US
Organization (O)
  • Let's Encrypt
Common Name (CN)
  • E7
validity period
Not valid before
2026-05-17
Not valid after
2026-08-15
This certifcate has been verified for the following usages:
  • Digital Signature
  • TLS Web Server Authentication
Fingerprints
SHA256
15:85:91:94:9F:C0:B2:CF:93:2B:4C:54:CD:C4:5C:03:A2:72:FC:AD:B3:A8:54:4D:0E:BF:A5:3C:EE:BC:3B:87
SHA1
D5:39:FD:96:57:E8:46:57:5D:6B:28:24:14:1C:E0:32:12:27:DA:5F
X509v3 extensions
subjectKeyIdentifier
  • C7:DD:CE:8D:16:5B:61:9B:25:7B:F4:A1:C9:12:FA:18:F2:B5:0A:08
authorityKeyIdentifier
  • keyid:AE:48:9E:DC:87:1D:44:A0:6F:DA:A2:E5:60:74:04:78:C2:9C:00:80
authorityInfoAccess
  • CA Issuers - URI:http://e7.i.lencr.org/
certificatePolicies
  • Policy: 2.23.140.1.2.1
crlDistributionPoints
  • Full Name:
  • URI:http://e7.c.lencr.org/30.crl
ct_precert_scts
  • Signed Certificate Timestamp:
  • Version : v1 (0x0)
  • Log ID : AF:67:88:3B:57:B0:4E:DD:8F:A6:D9:7E:F6:2E:A8:EB:
  • 81:0A:C7:71:60:F0:24:5E:55:D6:0C:2F:E7:85:87:3A
  • Timestamp : May 17 05:17:26.215 2026 GMT
  • Extensions: none
  • Signature : ecdsa-with-SHA256
  • 30:44:02:20:4D:5C:D4:6A:44:B1:AD:45:4F:BC:CB:99:
  • 80:5D:EA:CE:47:6C:6C:9D:90:3D:96:CD:EF:44:65:02:
  • 2A:4B:C1:6F:02:20:6F:B2:28:0C:40:33:72:B9:8D:20:
  • E7:AD:EE:E1:BD:B2:ED:68:47:BE:F3:2D:24:90:89:CE:
  • 7F:3D:21:78:55:10
  • Signed Certificate Timestamp:
  • Version : v1 (0x0)
  • Log ID : 1A:8B:9D:6B:0F:FE:BF:81:B4:79:39:C6:D2:31:0A:86:
  • D6:D1:02:D4:F0:46:E2:18:2C:9D:E3:5F:5E:26:25:EF
  • Timestamp : May 17 05:17:26.700 2026 GMT
  • Extensions: 00:00:05:00:13:A2:BF:DF
  • Signature : ecdsa-with-SHA256
  • 30:46:02:21:00:89:03:5F:55:F1:09:D3:AD:10:75:F5:
  • EF:0B:90:03:D2:78:01:53:B2:44:E3:34:1A:37:5E:6B:
  • AC:C7:23:7A:F5:02:21:00:EA:FA:4A:12:61:C6:FA:84:
  • 8D:6E:D5:F0:29:7F:DF:81:33:A6:FD:53:DA:D1:20:ED:
  • 68:62:77:33:50:3F:BA:AA

DANE

DNS-based Authentication of Named Entities (DANE) is a protocol to allow X.509 certificates to be bound to DNS using TLSA records and DNSSEC.

Name Options DNSSEC Matches
_25._tcp.mail.sanford.pro
  • DANE-EE: Domain Issued Certificate
  • Use subject public key
  • SHA-256 Hash
valid
valid