SMTP - TLS

Transport Layer Security (similar to SSL) brings "Perfect Forward Secrecy" to Internet Email by encrypting SMTP traffic.

Even though most remailer messages are already encrypted, TLS provides added security because the key used in TLS sessions usually is ephemeral - i.e. it only exists for seconds and is destroyed immediately after use.

Since remailer keys are valid for months, sometimes years, and some (like Dizum's) have no expiry date at all ephemeral keys make remailing more secure.

Whether or not ephemeral keys are used within a TLS session depends on the cipher suite chosen. The Ephemeral Diffie-Hellman (EDH) ciphers use ephemeral keys. See Diffie-Hellman in SSL/TLS.

In the table below the submission column indicates that a mailserver accepts mails on port 587 (submission). The smtps column indicates that it accepts SSL connections on port 465 (smtps) for use with stunnel and similar. Some hosts also accept normal connections on port 2525 - this is indicated in the column 2525. Please note that some hosts may enforce the use of TLS on the submission port.

Stunnel can do STARTTLS using -n smtp or with protocol = smtp in your config file, depending on your version.

remailermail exchangerpriorityTLSsubmissionsmtps2525error/warning
banana <banana@mixmaster.mixmin.net>
  fleegle.mixmin.net 10 YES
ECDHE-RSA-AES256-GCM-SHA384
yes no yes
dizum <remailer@dizum.com>
  smtp.dizum.com 10 YES no no no
frell <godot@remailer.frell.eu.org>
  a6sy4mr4vpnnfhlop2vthsi4heaonouxtrat2hpz2dzbcf45twpxvzyd.onion 5 N/A no no no Invalid argument
  mail2.frell.eu.org 10 YES
ECDHE-RSA-AES256-GCM-SHA384
yes yes yes
frell2 <godot2@remailer.frell.eu.org>
  a6sy4mr4vpnnfhlop2vthsi4heaonouxtrat2hpz2dzbcf45twpxvzyd.onion 5 N/A no no no Invalid argument
  mail2.frell.eu.org 10 YES
ECDHE-RSA-AES256-GCM-SHA384
yes yes yes
hsub <hsub@mixmaster.mixmin.net>
  fleegle.mixmin.net 10 YES
ECDHE-RSA-AES256-GCM-SHA384
yes no yes
ipsum <mix@eocto.net>
  ipsum.eocto.net 10 YES
TLS_AES_256_GCM_SHA384
no no no
middleman <mix@middleman.remailer.online>
  remailer.online 0 YES no no no
paranoia <mixmaster@remailer.paranoici.org>
  remailer.paranoici.org 10 YES
ECDHE-RSA-AES256-GCM-SHA384
yes yes no
shalo <mix@shalo.ca>
  ecosse.shalo.ca 10 YES
TLS_AES_256_GCM_SHA384
no no no
slow <slowmix@mixmaster.mixmin.net>
  fleegle.mixmin.net 10 YES
ECDHE-RSA-AES256-GCM-SHA384
yes no yes
tncmm <mixmaster@tnetconsulting.net>
  graymail.tnetconsulting.net 10 N/A no no no connection refused
  tncsrv06.tnetconsulting.net 15 YES
ECDHE-RSA-AES256-GCM-SHA384
yes yes yes
  tncsrv05.tnetconsulting.net 20 yes no yes no
  tarbaby.junkemailfilter.com 99 yes yes yes no


This page was last updated on 26 Feb 2024.