Tue, 12 Sep 2017 Frequently Asked Questions
Mon, 20 Mar 2017 CheckTLS Whitelist
Add the following IP addresses and domain names to any network filters and/or domain Whitelists at your site.
IP Address Range: 22.214.171.124-115 (126.96.36.199/30 or 188.8.131.52/255.255.255.252)
Domain Names: CheckTLS.com and *.CheckTLS.com
Adding our IP address range to any network filters makes sure our tests are able to do the testing you request from our site.Our tests are non-invasive, non-intrusive, and non-obtrusive. They require no changes to your or any other system. They cause no extra processing and should not trip any security alarms.
Adding our domain to any Whitelists also makes sure our tests can do the testing you request, and it also makes sure any results we email to you get through to you and don't end up in a junk folder or thrown away.
Corporate is everything in Professional plus the ability to store batches (lists) of addresses and test them automatically on a schedule.
Professional is access to the raw tools, Corporate makes them easy to use over and over.
Professional tests things one time, Corporate is "set it and forget it" continuous monitoring of one or more email systems.
You can achieve HIPAA Compliance with Corporate. See email compliance
Corporate also has Internet Packet Sniffer and Protocol Analyzer -- very powerful tools that take some time to learn and setup.
Tue, 12 Sep 2017 Why Do You "Score" TLS Instead of Giving a Yes or No Answer?
TLS is not Yes or No. Take for example a domain that has a primary and a secondary (backup) MX host. If the primary has TLS but the secondary does not, is email to that domain encrypted or not?
Our Confidence Factor℠ takes this into account. It accounts for two or more MX hosts, how they are prioritized, how good each of their TLS configurations are, such as what versions and cyphers they are using, etc.
Even for single MX hosts, the Confidence Factor℠ considers versions, cypher strengths, key sizes, certificates, DNS setup and name matching, etc.
Note that two or more MX hosts are common in medium sized organizations. They have their own email system, but subscribe to a cloud email provider as a backup. Their own email system has a higher MX priority than the backup, so the primary is always tried and used first. It is only when their own email system is down for maintenance or has a problem that the cloud provider receives their email. The backup typically stores the email and sends it to the primary when the primary comes back online. That connection may or may not be secure also, depending if the backup can send using encryption.
That's why we created the Confidence Factor℠. It shows the shades of gray. We suggest that a CF of 90 and above is good. But we don’t unequivocally say "yes" unless it’s 100%.