Saving Secure Email Tests

Make a List ("Batch") and Check It

Keep watch over your and your trading partner's email systems. Run a pre-programmed group of tests periodically. See below for how easy this is with CheckTLS. See Monitor for how to use this capability with your existing monitoring and notification systems.

Batch testing is the most powerful tool at CheckTLS. A Batch is a list of email addresses with instructions about how to test them. It lets you test many targets without having to sit in front of your screen and click over and over.

A "Batch" of Email Addresses Lets You
  • enter a list of email addresses to test together (Receiver)
  • test many addresses with no wait and no touch: they are automatically tested in order (Receiver)
  • save lists with a description for each (Setup)
  • keep details, like authorizations, about private email servers for future use (Custom)
  • unlock options in //email/testTo: that are not available from the web site (Custom)
  • compute a single grade for the whole list (Total)
  • run a list on-demand, i.e. manually at any time (Run)
  • schedule the list to run periodically, for example every Monday morning (Schedule)
  • suppress (i.e. not send) results if no addresses have changed (Suppress)
  • test email systems end-to-end, i.e. send and receive together (Thru)
  • time email systems' speeds (receive, turn-around, send) (Thru)
  • generate machine-readable results (Batch Output Formats)
  • return only certain fields from test results (Batch XML OnlyNode/OnlyField and XSL)
Use Batches To
  • check a list of email addresses to see if they are valid
  • check a list of email addresses to see how secure they are
  • periodically check email addresses to see if they are still valid/secure
  • setup a simple monitoring system for email addresses to alert if the validity or security of any one of them changes
  • support email security audits
  • support formal corporate security policies
  • allow off-the-shelf email systems to meet modern security requirements, e.g. HIPAA, GDPR, PCI
  • meet modern security requirements quickly, easily, and inexpensively without complexity or affecting reliability
Use BatchEdit to start working with Batches.

Types of Saved ("Batch") Tests


A Batch can run //email/testTo: tests on a whole list (Batch) of targets you enter, typically by pasting from a spreadsheet. The Batch runs by itself, testing each address in turn. The original list of targets and the test results are sent to an email address you specify along with the target list.

Batches uses an XML configuration file to list targets, optional totals for the batch, and the return email address for the results. This file can be generated from most databases, or we have Excel workbooks can that generate it. See Batch XML Input File and Excel Workbook for more information.


The info for //email/testFrom: describes how to automate testing your email sender. A "Thru" test does this and more:

Thru (End-to-End Test)

A Batch can run a "Thru" test. Batch Thru tests are not available on the CheckTLS website. They are only available in Batch tests. A Thru test combines //email/testTo:, an actual email, and //email/testFrom: to test the target email system from "end-to-end", i.e. that it can:

  • securely receive email,
  • process it,
  • and then securely send it back.
TestThru does this by watching itself send an actual email to the target and then listening for and watching a reply come back. It requires the email system administrator to setup an auto-forward email account inside the email system to be tested. This auto-forwarder should take in any email addressed to it and return it to

Since a "thru" test requires a special email account at the Target, TestThru Batches typically test just one Target. TestThru Batches are limited to 5 Targets in any one Batch to protect the test from looking like SPAM.

Email Speed

As an end-to-end test, a Thru test can also report how fast an email server is. Our Thru test currently reports on the speed of an email server with three numbers:

  • how long it takes to "send" an email into the system,
  • how long it takes for that system to "turn it around",
  • and how long it takes for the system to send the email back.

See Batch Output Formats for what these durations are and how they are reported.

Creating annd Maintaining Batches

There are two ways to create a new Batch: interactively, with BatchEdit, or with the BatchUpload Web Service. Certain features such as saving and scheduling Batches and the web service are only available to Corporate Level subscribers.


A Batch can test multiple custom or private targets using all the features of the interactive //email/testTo: Custom/Private test. In addition, a Batch XML Input File can specify //email/testTo: capabilities not available from the webpage.


Each Batch can compute a batch total. The total is a good indication of the quality of the list of addresses in the Batch, but more importantly it is an easy way to see if any target in the batch has changed. If any target changes, the total will change.


Batches can be run on demand from the web site at any time.

Schedule (Run Tests Automatically)

Corporate level subscribers can save test batches and schedule them to run automatically. Storing Batches on our servers saves even more time and reduces the chances for error. A saved batch can be run on demand from the Batch Web Service or from the interactive BatchEdit screen. Or saved batches can be scheduled to run automatically on cycles ranging from monthly to hourly.


A powerful feature of Batches is the Suppress option. Suppress prevents the Batch from sending you the results if a certain condition is met.

You can use Suppress to alert you if there is a security lapse on a target. Setup the Suppress with the condition: if every target in the Batch scores 90 or above, don't send the results. Read a different way, this says "Let me know if an address scores below 90."

You can use Suppress to alert you if there is any change to any target in the Batch. Run the batch and get the average, call it X, to three significant digits. Add a Suppress line to the Batch that says don't send the results if the average is X. Read the other way, this says "Let me know if anything changes." As long as nothing changes, you will not receive any emails. But as soon as any target changes, the average will change, and you will get notified.

Selecting Output Details

OnlyNode/OnlyField and XSL

The XML Output Formats at the XML_Detail level and above can produce very large output files. At the highest level there may be hundreds of fields for each MX host.

The OnlyNode and OnlyField feature of BatchTest allows you to choose just the fields that interest you. See (Batch XML OnlyNode/OnlyField) for how to use them.

The XSL feature of BatchTest also allows you to choose just the fields that interest you, but it uses the industry standard XSL. See (Batch XML XSL) for how to use XSL on a Batch.

For example, you can turn the 7630 lines of XML that an XML_CERTDETAIL test of Mimecast produces into just 52: <CheckTLS> <eMailAddress></eMailAddress> <ConfidenceFactor>100</ConfidenceFactor> <MX exchange="[]"> <SSLVersion>TLSv1_2</SSLVersion> </MX> <MX exchange="[]"> <SSLVersion>TLSv1_2</SSLVersion> </MX> <MX exchange="[]"> <SSLVersion>TLSv1_2</SSLVersion> </MX> <MX exchange="[]"> <SSLVersion>TLSv1_2</SSLVersion> </MX> <MX exchange="[]"> <SSLVersion>TLSv1_2</SSLVersion> </MX> <MX exchange="[]"> <SSLVersion>TLSv1_2</SSLVersion> </MX> <MX exchange="[]"> <SSLVersion>TLSv1_2</SSLVersion> </MX> <MX exchange="[]"> <SSLVersion>TLSv1_2</SSLVersion> </MX> <MX exchange="[]"> <SSLVersion>TLSv1_2</SSLVersion> </MX> <MX exchange="[]"> <SSLVersion>TLSv1_2</SSLVersion> </MX> <MX exchange="[]"> <SSLVersion>TLSv1_2</SSLVersion> </MX> <MX exchange="[]"> <SSLVersion>TLSv1_2</SSLVersion> </MX> <MX exchange="[]"> <SSLVersion>TLSv1_2</SSLVersion> </MX> <MX exchange="[]"> <SSLVersion>TLSv1_2</SSLVersion> </MX> <MX exchange="[]"> <SSLVersion>TLSv1_2</SSLVersion> </MX> <MX exchange="[]"> <SSLVersion>TLSv1_2</SSLVersion> </MX> </CheckTLS>