Fri, 17 Nov 2017 Frequently Asked Questions

CheckTLS Whitelist IP Addresses and Domain Names
What is the difference between Professional and Corporate Level Subscriptions?
Why Do You "Score" TLS Instead of Giving a Yes or No Answer?
May We Use the CheckTLS Name and/or Logo?
How Do I Fix My Email?
Do You Have a Non-Working TLS Host I Can Test With?
Why Two Different Credentials: CustomerCode and UserCode?

Mon, 20 Mar 2017 CheckTLS Whitelist

Add the following IP addresses and domain names to any network filters and/or domain Whitelists at your site.

IP Address Range: 216.68.85.112-115 (216.68.85.112/30 or 216.68.85.112/255.255.255.252)
Domain Names: CheckTLS.com and *.CheckTLS.com

Adding our IP address range to any network filters makes sure our tests are able to do the testing you request from our site.Our tests are non-invasive, non-intrusive, and non-obtrusive. They require no changes to your or any other system. They cause no extra processing and should not trip any security alarms.

Adding our domain to any Whitelists also makes sure our tests can do the testing you request, and it also makes sure any results we email to you get through to you and don't end up in a junk folder or thrown away.

Back to Top

Tue, 30 May 2017 What is the difference between Professional and Corporate Level Subscriptions?

Corporate is everything in Professional plus the ability to store batches (lists) of addresses and test them automatically on a schedule.

Professional is access to the raw tools, Corporate makes them easy to use over and over.

Professional tests things one time, Corporate is "set it and forget it" continuous monitoring of one or more email systems.

You can achieve HIPAA Compliance with Corporate. See email compliance

Corporate also has Internet Packet Sniffer and Protocol Analyzer -- very powerful tools that take some time to learn and setup.

Back to Top

Tue, 10 Oct 2017 Why Do You "Score" TLS Instead of Giving a Yes or No Answer?

TLS is not Yes or No. Take for example a domain that has a primary and a secondary (backup) MX host. If the primary has TLS but the secondary does not, is email to that domain encrypted or not?

Our Confidence Factor℠ takes this into account. It accounts for two or more MX hosts, how they are prioritized, how good each of their TLS configurations are, such as what versions and cyphers they are using, etc.

Even for single MX hosts, the Confidence Factor℠ considers versions, cypher strengths, key sizes, certificates, DNS setup and name matching, etc.

Note that two or more MX hosts are common in medium sized organizations. They have their own email system, but subscribe to a cloud email provider as a backup. Their own email system has a higher MX priority than the backup, so the primary is always tried and used first. It is only when their own email system is down for maintenance or has a problem that the cloud provider receives their email. The backup typically stores the email and sends it to the primary when the primary comes back online. That connection may or may not be secure also, depending if the backup can send using encryption.

That's why we created the Confidence Factor℠. It shows the shades of gray. We suggest that a CF of 90 and above is good. But we don't unequivocally say "yes" unless it's 100%. And even then your own policy may demand a higher degree of encryption, etc. We provide the tools for you to explore your, and your customers', levels of email security.

Sat, 30 Sep 2017 May We Use the CheckTLS Name and/or Logo?

Yes, Corporate Subscribers may publish their affiliation with CheckTLS on-line and on printed or other media.

We currently have no requirments for this use, but we ask that you include "CheckTLS℠" as part of your use.

As part of this published affiliation you may use any of our service marks such as CheckTLS℠, ForceTLS℠, MonitorTLS℠, "Verified TLS"℠, and "Confidence Factor"℠.

Wed, 04 Oct 2017 How Do I Fix My Email?

My email fails one or more of your tests.

XYZ company will not do business with us unless we pass your test(s).

You must secure your email system. Usually this means TLS encrypting email you send to others and accepting TLS encrypted email from others.

Securing your email system is outside the scope of our site. Try searching the Internet for "howto TLS" and the name of your email software, e.g. "Office 365".

You can also search the Internet for local consultants that can help you with your email system.

Fri, 03 Nov 2017 Do You Have a Non-Working TLS Host I Can Test With?

Yes. You can use test@NoTLS.CheckTLS.com

Obviously, test@CheckTLS.com is a working TLS host you can test with.

Back to Top

Sat, 18 Nov 2017 Why Two Different Credentials: CustomerCode and UserCode?

Individuals have their own UserCode and Password.

Corporate Subscriptions have a separate CustomerCode and Password.

UserCodes allow Individuals to login to CheckTLS and interact with it. CustomerCodes allow unattended use of Web Services.

Having separate credential types allows Individuals to keep their credentials secret and not listed in the source code for Web Service calls.

Corporate Subscribers can see their CustomerCode and CustomerPass HERE.

Back to Top