Passed : IPv6

Well done! Your mail server can be reached by senders using modern IPv6 addresses, making it fully part of the modern Internet.

Passed : all mail servers (MX) come with an IPv6 address. Mailservers: mx02.mail.de., mx01.mail.de.

Passed : all mail servers (MX) having an IPv6 address are also reachable through IPv6

Passed : A sufficient number of name servers (NS) come with an IPv6 address.

Passed : Nameservers with an IPv6 address: anycast2.irondns.net., anycast1.irondns.net.

Passed : Nameservers with an IPv4 address: anycast2.irondns.net., anycast1.irondns.net.

Passed : all name servers (NS) having an IPv6 address are also reachable through IPv6


Passed : DNSSEC

Well done! Your email address domain and your mail server domain(s) are signed with a valid signature. Therefore senders with enabled domain signature validation, are able to reliably query the IP address of your receiving mail server(s).

Incoming mail server (MX): mx01.mail.de.

Passed : Secured with DNSSEC.

Incoming mail server (MX): mx02.mail.de.

Passed : Secured with DNSSEC.

Tested domain name: mail.de

Passed : Secured with DNSSEC. Your registrar (most often also your DNS operator) is: No value available


Passed : DMARC, DKIM and SPF

Well done! Your domain contains all authenticity marks against email forgery. Therefore receivers are able to reliably seperate phishing and spam emails abusing your domain in their sender address, from your authentic emails.

Passed : a DKIM record (TXT) has been found

Passed : a DMARC policy (TXT record) has been found:
v=DMARC1; p=none; rua=mailto:dmarc-rua@mail.de; ruf=mailto:dmarc-ruf@mail.de

Passed : an SPF policy (TXT record) has been found:
v=spf1 ip4:213.128.151.216 ip4:213.128.151.217 ip4:213.128.151.218 ip4:213.128.151.219 ip6:2001:0868:0100:0600::/64 ?all


Passed : STARTTLS

Well done! Sending mail servers supporting STARTTLS can establish a secure connection with your receiving mail server(s). Passive attackers will therefore not be able to read emails in transit to you. Note: we additionally recommend to publish DANE records to counteract active attackers from stripping STARTTLS encryption by manipulating the mail traffic.

Incoming mail server (MX): mx01.mail.de.

Passed : mail server offers STARTTLS

Passed : sufficiently secure TLS versions supported

Passed : sufficiently secure cipher methods supported

Passed : the certificate chain is complete and signed by a trusted root CA

Passed : the public keys in the certificates are sufficiently long

Passed : some certificates are signed using a hash method that is not secure:
{'DigiCert High Assurance EV Root CA': 'sha1withrsaencryption'}

Passed : hostname of mail server matches certificate

Passed : a valid TLSA record has been found (DANE)

Incoming mail server (MX): mx02.mail.de.

Passed : mail server offers STARTTLS

Passed : sufficiently secure TLS versions supported

Passed : sufficiently secure cipher methods supported

Passed : the certificate chain is complete and signed by a trusted root CA

Passed : the public keys in the certificates are sufficiently long

Passed : some certificates are signed using a hash method that is not secure:
{'DigiCert High Assurance EV Root CA': 'sha1withrsaencryption'}

Passed : hostname of mail server matches certificate

Passed : a valid TLSA record has been found (DANE)