TestSender looks backward at the sending end of an Internet eMail transfer to test the software, server, or appliance that sends email to the Internet. These include the sendmail type devices mentioned in TestReceiver, and for most organizations it is the same device that receives Internet email. Just because it is typically the same device does not mean that if secure email is working in one direction it will also be working in the other direction. The two setups are very different.


TestSender both verifies the encryption of emails you send and it exposes details of your security and anti-spam efforts such as Sender Policy Framework (SPF), DomainKeys Identified Mail (DKIM), and Domain-based Message Authentication, Reporting, and Conformance (DMARC). The recent US Government mandate to make federal communications more secure (CNN article) has made DMARC testing a hot topic.

Some other on-line DMARC testing services show mis-leading warnings and urge you to purchasing something. TestSender shows you the inner workings of your setup so you can see if it is setup correctly, and so you can debug and optimize it. TestSender is free SPF, DKIM, and DMARC testing!

Using TestSender

Using TestSender is a two-step process.

TestSender cannot tell your email system "send me an email". You'll need to do that, and before you do, you have to tell TestSender it's coming.

TestSender Passcode

Subscribers have a dedicated TS Passcode and have unlimited access to TestSender. CheckTLS already knows their emails are coming.

Visitors to CheckTLS must browse to the TestSender page to get a one-time-use code every time they test. This lets us know to expect an email from you.

To start the test, send an email to test@TestSender.CheckTLS.com with your code in the Subject: line. When your email system connects to CheckTLS to send us your email, TestSender answers instead and tests your sender as it sends the email.

As a convenience, the TestSender webpage has a link that will start the email on your PC with the proper To: and Subject:.

Before using TestSender, you should add CheckTLS.com to your list of allowed domains so the returned report is not inadvertently marked as spam.

Should you wish to include other text besides the one-time-use code in the Subject of your email, i.e. if you have subscribed to CheckTLS and are automating may tests, just enclose the one-time-use code (for subscribers, your permanent Sender Test passcode) in parenthesis, like this:

Subject: Test number 12 (whizzywhig) on Tuesday

Automating TestSender

Since Subscribers have unlimited access to TestSender without visiting the TestSender page, they can automate Sender tests. Because there is no way for us to tell your email sysetm to "send us an email", you automate Sender testing by telling your email system to automatically send an email to our TestSender address (see above). That starts the test, just as if you started it from the TestSender webpage.

See Batch Test, and especially the section on Batch Thru Test for a better way to automate Sender testing.

Understanding the Results

Results are emailed back to the address from which you sent the test email. See the Sample Results eMail below for an example. This email is in simple, plain text, so you can test any email system and the reply will be usable. Plain text can also be forwarded, or copied and pasted, to anyone or anything else.

The email shows whether or not the test was successful in the Subject: and also in the body of the text. It gives a few details about the particular test, so you can tell multiple test runs apart. The bulk of the email is a complete transaction log of the SMTP session for the test showing all of the commands and responses sent to and from the two servers as they transfer the email. In front of the log is a brief reminder of how to read it.

Any obvious errors found during the test are boxed in with asterisks so they're easy to find in the log:

*** ********** Error Note ********** ***
***                                  ***
*** Sender used HELO instead of EHLO ***
Sample Results eMail
From: testsender@CheckTLS.com [mailto:testsender@CheckTLS.com] 
Sent: Monday, May 02, 2011 1:22 PM
To: sshoe@checktls.com
Subject: CheckTLS TestSender SUCCESSFUL

Below are the details from your CheckTLS TestSender test
from <support@checktls.com> via []
run on 2011-05-02 13:22:01 EDT.
Original email Subject: m9udr4ebtfmpk

Your email was successfully sent securely using TLS.

A transcript of the eMail SMTP session is below:
--> this would be a line from your email system to our test
<-- and this would be a line to your email system from our test

If TLS was negotiated, a line is added:
====tls negotiation successful (cypher: cyphername, client cert: certinfo)

Everything after that line is secure (encrypted), as indicated by:
~~> commands from your system then have wiggly lines
<~~ and responses from our system do too

Any errors that the test noticed are noted in the log by asterisk boxes:
*** ********** Error Note ********* ***
***                                 ***
*** The error message would be here ***

<-- 220 ts.checktls.com CheckTLS TestSender Mon, 02 May 2011 13:22:00 -0400
--> HELO mail.checktls.com
*** ********** Error Note ********** ***
***                                  ***
*** Sender used HELO instead of EHLO ***
<-- 250-ts.checktls.com Hello mail.checktls.com [], pleased to meet you
<-- 250-8BITMIME
<-- 250-SIZE
<-- 250-DSN
<-- 250-ETRN
<-- 250-STARTTLS
<-- 250 HELP
<-- 220 Ready to start TLS
====tls negotiation successful (cypher: AES256-SHA,
    client cert: Subject Name: undefined;Issuer  Name: undefined;)
~~> EHLO mail.checktls.com
<~~ 250-ts.checktls.com Hello mail.checktls.com [], pleased to meet you
<~~ 250-8BITMIME
<~~ 250-SIZE
<~~ 250-DSN
<~~ 250-ETRN
<~~ 250 HELP
~~> MAIL From:<support@checktls.com> SIZE=805
<~~ 250 Ok - mail from support@checktls.com
~~> RCPT To:<test@TestSender.CheckTLS.com>
<~~ 250 Ok - recipient test@TestSender.CheckTLS.com
~~> DATA
<~~ 354 Send data.  End with CRLF.CRLF
~~> Received: from mail.checktls.com (localhost [])
~~>   by mail.checktls.com (8.14.4/8.14.4) with ESMTP id p42HLxYM029047
~~>   (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO)
~~>   for <test@TestSender.CheckTLS.com>; Mon, 2 May 2011 13:21:59 -0400
~~> Received: (from support@localhost)
~~>   by mail.checktls.com (8.14.4/8.14.4/Submit) id p42HLxe1029045
~~>   for test@TestSender.CheckTLS.com; Mon, 2 May 2011 13:21:59 -0400
~~> From: Steve Shoemaker <support@checktls.com>
~~> Message-Id: <201105021721.p42HLxe1029045@mail.checktls.com>
~~> Date: Mon, 02 May 2011 13:21:59 -0400
~~> To: test@TestSender.CheckTLS.com
~~> Subject: m9udr4ebtfmpk
~~> User-Agent: Heirloom mailx 12.4 7/29/08
~~> MIME-Version: 1.0
~~> Content-Type: text/plain; charset=us-ascii
~~> Content-Transfer-Encoding: 7bit
~~> Test message.
~~> .
<~~ 250 Ok
~~> QUIT
<~~ 221 ts.checktls.com closing connection