TestSender looks backward at the sending end of an Internet eMail transfer to test the software, server, or appliance that sends email to the Internet. These include the sendmail type devices mentioned in TestReceiver, and for most organizations it is the same device that receives Internet email. Just because it is typically the same device does not mean that if secure email is working in one direction it will also be working in the other direction. The two setups are very different.


TestSender both verifies the encryption of emails you send and it exposes details of your security and anti-spam efforts such as Sender Policy Framework (SPF), DomainKeys Identified Mail (DKIM), and Domain-based Message Authentication, Reporting, and Conformance (DMARC). The recent US Government mandate to make federal communications more secure (CNN article) has made DMARC testing a hot topic.

Some other on-line DMARC testing services show mis-leading warnings and urge you to purchasing something. TestSender shows you the inner workings of your setup so you can see if it is setup correctly, and so you can debug and optimize it. TestSender is free SPF, DKIM, and DMARC testing!

Using TestSender

Using TestSender is a two-step process.

TestSender cannot tell your email system "send me an email". You'll need to do that, and before you do, you have to tell TestSender it's coming.

TestSender Passcode

Subscribers have a dedicated TS Passcode and have unlimited access to TestSender. CheckTLS already knows their emails are coming.

Visitors to CheckTLS must browse to the TestSender page to get a one-time-use code every time they test. This lets us know to expect an email from you.

To start the test, send an email to test@TestSender.CheckTLS.com with your code in the Subject: line. When your email system connects to CheckTLS to send us your email, TestSender answers instead and tests your sender as it sends the email.

As a convenience, the TestSender webpage has a link that will start the email on your PC with the proper To: and Subject:.

Before using TestSender, you should add CheckTLS.com to your list of allowed domains so the returned report is not inadvertently marked as spam.

Should you wish to include other text besides the one-time-use code in the Subject of your email, i.e. if you have subscribed to CheckTLS and are automating may tests, just enclose the one-time-use code (for subscribers, your permanent Sender Test passcode) in parenthesis, like this:

Subject: Test number 12 (whizzywhig) on Tuesday

Automating TestSender

Since Subscribers have unlimited access to TestSender without visiting the TestSender page, they can automate Sender tests. Because there is no way for us to tell your email sysetm to "send us an email", you automate Sender testing by telling your email system to automatically send an email to our TestSender address (see above). That starts the test, just as if you started it from the TestSender webpage.

See Batch Test, and especially the section on Batch Thru Test for a better way to automate Sender testing.

Understanding the Results

Results are emailed back to the address from which you sent the test email. See the Sample Results eMail below for an example. This email is in simple, plain text, so you can test any email system and the reply will be usable. Plain text can also be forwarded, or copied and pasted, to anyone or anything else.

The email shows whether or not the test was successful in the Subject: and also in the body of the text. It gives a few details about the particular test, so you can tell multiple test runs apart. The bulk of the email is a complete transaction log of the SMTP session for the test showing all of the commands and responses sent to and from the two servers as they transfer the email. In front of the log is a brief reminder of how to read it.

Any obvious errors found during the test are boxed in with asterisks so they're easy to find in the log:

*** ********** Error Note ********** ***
***                                  ***
*** Sender used HELO instead of EHLO ***
Sample Results eMail
Date: Fri, 29 Jun 2018 11:33:34 -0400
To: nospam@checktls.com
From: CheckTLS Test Sender TLS
Content-Type: text/html

SUCCESSFUL CheckTLS/email/test From:

Your email was sent securely using TLS.

Date:2018-06-29 11:33:33 EDT
ClientCert:Subject Name: /OU=Domain Control Validated/CN=*.checktls.com
Issuer Name: /C=US/ST=Arizona/L=Scottsdale/O=GoDaddy.com, Inc./OU=http://certs.godaddy.com/repository//CN=Go Daddy Secure Certificate Authority - G2
SPF_mfrom.Record:v=spf1 a mx -all
SPF_mfrom:pass: local="checktls.com: is authorized to use 'checktls.com' in 'mfrom' identity (mechanism 'a' matched)"
SPF_helo:none: local="www6.checktls.com: No applicable sender policy available"
DKIM:pass: signature="@checktls.com" result="pass"
DKIM_policy.sender:"o=~"(default), result="accept"
DKIM_policy.author:"o=~"(default), result="accept"
DKIM_policy.ADSP:""(default), result="accept"

(this email intentionally has limited formatting)

The transcript of the eMail SMTP session is below, with:
--> this is a line from your email system to us (~~> when encrypted)
<-- this is a line to your email system from us (<~~ when encrypted)
=== this is a line about the tls negotiation (cypher, cert, etc)
*** this is an error, warning, or info line that the test found
<-- 220 ts6.checktls.com ESMTP TestSender Fri, 29 Jun 2018 11:33:33 -0400
--> EHLO www6.CheckTLS.com
<-- 250-ts6.checktls.com Hello www6.checktls.com [], pleased to meet you
<-- 250-8BITMIME
<-- 250-STARTTLS
<-- 250 HELP
<-- 220 Ready to start TLS
====tls negotiation successful (cypher: ECDHE-RSA-AES128-GCM-SHA256)
client cert:
Subject Name: /OU=Domain Control Validated/CN=*.checktls.com
Issuer  Name: /C=US/ST=Arizona/L=Scottsdale/O=GoDaddy.com, Inc./OU=http://certs.godaddy.com/repository//CN=Go Daddy Secure Certificate Authority - G2
~~> EHLO www6.CheckTLS.com
<~~ 250-ts6.checktls.com Hello www6.checktls.com [], pleased to meet you
<~~ 250-8BITMIME
<~~ 250 HELP
~~> MAIL From:<nospam@checktls.com>
<~~ 250 Ok - mail from nospam@checktls.com
~~> RCPT To:<test@TestSender.CheckTLS.com>
<~~ 250 Ok - recipient test@TestSender.CheckTLS.com
~~> DATA
<~~ 354 Send data.  End with CRLF.CRLF
~~> From: "Steve Shoemaker" <nospam@checktls.com>
~~> To: <test@TestSender.CheckTLS.com>
~~> Subject: password
~~> Date: Fri, 29 Jun 2018 11:32:31 -0400
~~> This message is intentionally empty.
~~> .
<~~ 250 Ok
~~> QUIT
<~~ 221 ts6.checktls.com closing connection