Please note that only specially configured Internet email systems should pass this test; most systems should fail it. See Mandatory TLS for why this is so.


For systems that are specially configured to require TLS, this is a very useful test because it is a controlled "other end" for your system to send to.

How to run it

Start //email/testMandatoryFrom: ("TestSenderAssureTLS") by sending us an email.

Use the Start Listener button below to see how and where to send the email.

Before using //email/testMandatoryFrom: you may want to list in your list of allowed domains (whitelist us) so the report //email/testMandatoryFrom: returns to you is not sent to your spam folder.

We cannot respond to Challenge-response email filters (e.g. SpamArrest, Support Sentry SpamBlock, iPermitMail) so you MUST manually allow mail from

This passcode only works once. You can refresh this page to receive another one.

Note: A //email/testMandatoryFrom: test may take 30 minutes to complete, and you should not have more than one test in progress at any given time. //email/testMandatoryFrom: may have your email system try to send the test email more than once, so having more than one //email/testMandatoryFrom: test in queue can confuse it.

What it does

When you send an email to the special address listed below, //email/testMandatoryFrom: makes sure that Mandatory TLS is working. It does not invite your sender to use TLS and will not accept a STARTTLS command from your end. It instead tries to get your system to send the email as plain text.

If your system is correctly setup to require TLS, it must give up trying to send the email since we will not do TLS. Your system may then queue the mail to try again later. //email/testMandatoryFrom: does accept the retry to clear the message from your queue, but the second try is not part of the test.

What it shows

//email/testMandatoryFrom: replies to your email with its results.

The reply email looks like one of these:

From: CheckTLS Test Sender Assure TLS <>

SUCCESSFUL //email/testMandatoryFrom:

Your email server would not fall-back to insecure mode.

From: CheckTLS Test Sender Assure TLS <>
Subject: FAILED

FAILED //email/testMandatoryFrom:

We received your Mandatory TLS mail without TLS.

Input Fields
TestSenderAssureTLS parameter entry

This //email/TestMandatoryFrom: test ("TestSenderAssureTLS") requires you to send us an email after you tell us to listen for it.
Open Instructions/Info above for more information.
This test takes ten or more minutes to finish because your emailer has to try to send it twice. You can only have one test running at a time or the "send twice" logic will report incorrect results.

More information will show here when a Listener is Started.