SMTP - TLS
Transport
Layer
Security (similar to SSL)
brings "Perfect Forward Secrecy" to Internet Email by encrypting SMTP traffic.
Even though most remailer messages are already encrypted, TLS provides added security
because the key used in TLS sessions usually is ephemeral - i.e. it only
exists for seconds and is destroyed immediately after use.
Since remailer keys are valid for months, sometimes years, and some (like Dizum's)
have no expiry date at all ephemeral keys make remailing more secure.
Whether or not ephemeral keys are used within a TLS session depends on the cipher suite chosen.
The Ephemeral Diffie-Hellman (EDH) ciphers use ephemeral keys. See Diffie-Hellman in SSL/TLS.
In the table below the submission column indicates that a mailserver accepts mails on port 587
(submission). The smtps column indicates that it accepts SSL connections on port 465
(smtps) for use with stunnel and similar. Some hosts also accept normal
connections on port 2525 - this is indicated in the column 2525.
Please note that some hosts may enforce the use of TLS on the submission port.
Stunnel can do STARTTLS using -n smtp or with protocol = smtp in your
config file, depending on your version.
remailer | mail exchanger | priority | TLS | submission | smtps | 2525 | error/warning |
binski <mixmaster@binski.net> |
|
pimarq.binski.net |
10 |
YES TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 |
yes |
no |
yes |
|
dizum <remailer@dizum.com> |
|
smtp.dizum.com |
10 |
YES TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 |
no |
no |
no |
|
frannie <mix@franxial.com> |
|
dashe.franxial.com |
15 |
YES TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 |
no |
no |
yes |
|
frell <godot@remailer.frell.eu.org> |
|
a6sy4mr4vpnnfhlop2vthsi4heaonouxtrat2hpz2dzbcf45twpxvzyd.onion |
5 |
YES
|
no |
no |
no |
Invalid argument |
|
mail2.frell.eu.org |
10 |
YES TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 |
yes |
yes |
yes |
|
frell2 <godot2@remailer.frell.eu.org> |
|
a6sy4mr4vpnnfhlop2vthsi4heaonouxtrat2hpz2dzbcf45twpxvzyd.onion |
5 |
N/A |
no |
no |
no |
Invalid argument |
|
mail2.frell.eu.org |
10 |
YES TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 |
yes |
yes |
yes |
|
ipsum <mix@eocto.net> |
|
ipsum.eocto.net |
10 |
YES TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 |
no |
no |
no |
|
middleman <mix@middleman.remailer.online> |
|
remailer.online |
0 |
YES TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 |
no |
no |
no |
|
paranoia <mixmaster@remailer.paranoici.org> |
|
remailer.paranoici.org |
10 |
YES TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 |
yes |
yes |
no |
|
shalo <mix@shalo.ca> |
|
ecosse.shalo.ca |
10 |
YES TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 |
no |
no |
no |
This page was last updated on 2 Apr 2025.
|