Instructions/Info

See the Test SenderFull Documentation for more information.

How to run it

TestSender cannot tell your email system to "send us an email". If it could, think of the spam possibilities! So you will need to start TestSender by sending us an email.

See below for where to send the email and how to put your unique passcode on it.

For your convenience, this webpage gives you an option to automatically start the email with just a click.

Before using TestSender you may want to list CheckTLS.com in your list of allowed domains (whitelist us) so the report TestSender returns to you is not sent to your spam folder.

We cannot respond to Challenge-response email filters (e.g. SpamArrest, Support Sentry SpamBlock, iPermitMail) so you MUST manually allow mail from CheckTLS.com.

When running multiple TestSender tests, you can add notes in the Subject: line. Just enclose your passcode in parenthesis and we'll find it. For example:

Subject: Test number 12 (my passcode here) on Tuesday

This passcode only works once. You can refresh this page to receive another one.

What it does

When you send an email to the special address listed below with your unique passcode, TestSender performs all the steps that Internet email systems go through to receive email. It records every command and byte of data that your system sends and every answer and byte of data that our system replies back. TestSender does actually receive your email, and it learns as much about your system as it can in the process.

Because CheckTLS focuses on security, TestSender tries to establish a secure (TLS) connection with your system. Along with recording everything, it looks at the security of the your system for things like: certificate contents and signers, encryption algorithms, key lengths, hostname mis-matches, weak cyphers, etc.

What it shows

TestSender sends its results as a reply to the email you used to start the test. Results have very limited HTML formatting so you can read them on any email system.

The Results email shows details of the test and the complete communications log of the SMTP session. Various security items and any errors are highlighted so they are easy to find.

If you have them setup, the test also reports detailed information about Sender Policy Framework (SPF), DomainKeys Identified Mail (DKIM), and Domain-based Message Authentication, Reporting, and Conformance (DMARC).

The reply email looks like:

Date: Fri, 29 Jun 2018 11:33:34 -0400
To: nospam@checktls.com
From: CheckTLS Test Sender TLS <testsender@CheckTLS.com>
Subject: SUCCESSFUL
Content-Type: text/html

SUCCESSFUL CheckTLS/email/test From:

Your email was sent securely using TLS.

From:nospam@checktls.com
Via:159.89.187.50
Date:2018-06-29 11:33:33 EDT
Subject:password
SSLVersion:TLSv1_2
SSLCipher:ECDHE-RSA-AES128-GCM-SHA256
ClientCert:Subject Name: /OU=Domain Control Validated/CN=*.checktls.com
Issuer Name: /C=US/ST=Arizona/L=Scottsdale/O=GoDaddy.com, Inc./OU=http://certs.godaddy.com/repository//CN=Go Daddy Secure Certificate Authority - G2
SPF_mfrom.Record:v=spf1 a mx -all
SPF_mfrom:pass: local="checktls.com: 159.89.187.50 is authorized to use 'checktls.com' in 'mfrom' identity (mechanism 'a' matched)"
SPF_helo:none: local="www6.checktls.com: No applicable sender policy available"
DKIM:pass: signature="@checktls.com" result="pass"
DKIM_policy.sender:"o=~"(default), result="accept"
DKIM_policy.author:"o=~"(default), result="accept"
DKIM_policy.ADSP:""(default), result="accept"
DMARC_result:pass
DMARC_disposition:none
DMARC_dkim:pass
DMARC_dkim_align:strict
DMARC_spf:pass
DMARC_spf_align:strict
DMARC_published.v:DMARC1
DMARC_published.p:none

(this email intentionally has limited formatting)

The transcript of the eMail SMTP session is below, with:
--> this is a line from your email system to us (~~> when encrypted)
<-- this is a line to your email system from us (<~~ when encrypted)
=== this is a line about the tls negotiation (cypher, cert, etc)
*** this is an error, warning, or info line that the test found
<-- 220 ts6.checktls.com ESMTP TestSender Fri, 29 Jun 2018 11:33:33 -0400
--> EHLO www6.CheckTLS.com
<-- 250-ts6.checktls.com Hello www6.checktls.com [159.89.187.50], pleased to meet you
<-- 250-ENHANCEDSTATUSCODES
<-- 250-8BITMIME
<-- 250-STARTTLS
<-- 250 HELP
--> STARTTLS
<-- 220 Ready to start TLS
====tls negotiation successful (cypher: ECDHE-RSA-AES128-GCM-SHA256)
client cert:
Subject Name: /OU=Domain Control Validated/CN=*.checktls.com
Issuer  Name: /C=US/ST=Arizona/L=Scottsdale/O=GoDaddy.com, Inc./OU=http://certs.godaddy.com/repository//CN=Go Daddy Secure Certificate Authority - G2
~~> EHLO www6.CheckTLS.com
<~~ 250-ts6.checktls.com Hello www6.checktls.com [159.89.187.50], pleased to meet you
<~~ 250-ENHANCEDSTATUSCODES
<~~ 250-8BITMIME
<~~ 250 HELP
~~> MAIL From:<nospam@checktls.com>
<~~ 250 Ok - mail from nospam@checktls.com
~~> RCPT To:<test@TestSender.CheckTLS.com>
<~~ 250 Ok - recipient test@TestSender.CheckTLS.com
~~> DATA
<~~ 354 Send data.  End with CRLF.CRLF
~~> From: "Steve Shoemaker" <nospam@checktls.com>
~~> To: <test@TestSender.CheckTLS.com>
~~> Subject: password
~~> Date: Fri, 29 Jun 2018 11:32:31 -0400
~~> 
~~> This message is intentionally empty.
~~> .
<~~ 250 Ok
~~> QUIT
<~~ 221 ts6.checktls.com closing connection

See the Test SenderFull Documentation for more information.

Your test is setup.

Send an email to this address: test@TestSender.CheckTLS.com
Put this passcode in the Subject: ivdz7skw3mqqt

For example:
To: test@TestSender.CheckTLS.com
Subject: ivdz7skw3mqqt

This is a test message.

If mail is setup in your browser, click here to start the email

Be sure to whitelist CheckTLS.com. (Expecially if you use a Challenge-response email service.)
Our test results can look like SPAM and we get many bounced results. If your test result does not come to your email in a minute or two, you can check our logs for a bounce from your domain HERE.