Failed : IPv6

Too bad! Your mail server can not be reached by senders using modern IPv6 addresses, or improvement is possible. Therefore your mail server is not part of the modern Internet yet. You should ask your email provider to fully enable IPv6.

Failed : none of the mail servers (MX) comes with an IPv6 address

Failed : A sufficient number of name servers (NS) come with an IPv6 address.

Failed : Nameservers with an IPv6 address: ns-webde.ui-dns.biz., ns-webde.ui-dns.de., ns-webde.ui-dns.org., ns-webde.ui-dns.com.

Failed : Nameservers with an IPv4 address: ns-webde.ui-dns.biz., ns-webde.ui-dns.de., ns-webde.ui-dns.org., ns-webde.ui-dns.com.

Failed : all name servers (NS) having an IPv6 address are also reachable through IPv6


Passed : DNSSEC

Well done! Your email address domain and your mail server domain(s) are signed with a valid signature. Therefore senders with enabled domain signature validation, are able to reliably query the IP address of your receiving mail server(s).

Incoming mail server (MX): mx-ha02.web.de.

Passed : Secured with DNSSEC.

Incoming mail server (MX): mx-ha03.web.de.

Passed : Secured with DNSSEC.

Tested domain name: web.de

Passed : Secured with DNSSEC. Your registrar (most often also your DNS operator) is: No value available


Failed : DMARC, DKIM and SPF

Too bad! Your domain does not contain all authenticity marks against email forgery. Therefore receivers are not able to reliably seperate phishing and spam emails abusing your domain in their sender address from your authentic emails. You should ask your mail provider to activate DMARC, DKIM and SPF.

Failed : a DKIM record (TXT) has been found

Failed : a DMARC policy (TXT record) could not be found

Failed : an SPF policy (TXT record) has been found:
v=spf1 ip4:212.227.126.128/25 ip4:212.227.15.0/25 ip4:212.227.17.0/27 ip4:217.72.192.248/29 ip4:82.165.159.0/26 ip4:217.72.207.0/27 ip4:217.72.192.64/26 -all


Passed : STARTTLS

Well done! Sending mail servers supporting STARTTLS can establish a secure connection with your receiving mail server(s). Passive attackers will therefore not be able to read emails in transit to you. Note: we additionally recommend to publish DANE records to counteract active attackers from stripping STARTTLS encryption by manipulating the mail traffic.

Incoming mail server (MX): mx-ha02.web.de.

Passed : mail server offers STARTTLS

Passed : sufficiently secure TLS versions supported

Passed : sufficiently secure cipher methods supported

Passed : the certificate chain is complete and signed by a trusted root CA

Passed : the public keys in the certificates are sufficiently long

Passed : all certificates are signed using a sufficiently secure hash method

Passed : hostname of mail server matches certificate

Passed : a valid TLSA record has been found (DANE)

Incoming mail server (MX): mx-ha03.web.de.

Passed : mail server offers STARTTLS

Passed : sufficiently secure TLS versions supported

Passed : sufficiently secure cipher methods supported

Passed : the certificate chain is complete and signed by a trusted root CA

Passed : the public keys in the certificates are sufficiently long

Passed : all certificates are signed using a sufficiently secure hash method

Passed : hostname of mail server matches certificate

Passed : a valid TLSA record has been found (DANE)