Web Tool Announcement: ismymailsecure.com

[Holger Rabbach <hrabbach () crossroad-networks com>]

Dear Bugtraq community,

I am happy to announce the immediate availability of a web based email
security testing tool at http://www.ismymailsecure.com. The tool is an
end-user friendly way to determine if the mail servers for a certain
email address support the STARTTLS capability to encrypt the email
transfer between servers. While most email providers have frontends that
use encryption, the actual email transfers via SMTP are often not secure
at all, giving users a false sense of security. While it was always
possible to manually check for the availability of TLS encryption, the
tool makes this process much easier. The website gives both security
professionals and end-users an easy tool to check all mailservers for a
given domain for TLS support. Test results are cached for 24 hours, so
as to no overload the SMTP servers with lots of pointless connections.
If you have any concerns about having to enter a full email address,
please be advised that this address is never stored anywhere. The only
reason that the site asks for an email address rather than a domain is
that it makes it easier for end-users to enter the correct information.
Feel free to enter anything you like as the left hand part of the
address, as it will be immediately stripped off by the tool anyway.
Future plans for the tool include additional checks like supported
ciphers and also an option to check IMAP and POP3 servers for security
as well.

Best regards,
Holger Rabbach