Dear Bugtraq community, I am happy to announce the immediate availability of a web based email security testing tool at http://www.ismymailsecure.com. The tool is an end-user friendly way to determine if the mail servers for a certain email address support the STARTTLS capability to encrypt the email transfer between servers. While most email providers have frontends that use encryption, the actual email transfers via SMTP are often not secure at all, giving users a false sense of security. While it was always possible to manually check for the availability of TLS encryption, the tool makes this process much easier. The website gives both security professionals and end-users an easy tool to check all mailservers for a given domain for TLS support. Test results are cached for 24 hours, so as to no overload the SMTP servers with lots of pointless connections. If you have any concerns about having to enter a full email address, please be advised that this address is never stored anywhere. The only reason that the site asks for an email address rather than a domain is that it makes it easier for end-users to enter the correct information. Feel free to enter anything you like as the left hand part of the address, as it will be immediately stripped off by the tool anyway. Future plans for the tool include additional checks like supported ciphers and also an option to check IMAP and POP3 servers for security as well. Best regards, Holger Rabbach
