SMTP - TLS

Transport Layer Security (similar to SSL) brings "Perfect Forward Secrecy" to Internet Email by encrypting SMTP traffic.

Even though most remailer messages are already encrypted, TLS provides added security because the key used in TLS sessions usually is ephemeral - i.e. it only exists for seconds and is destroyed immediately after use.

Since remailer keys are valid for months, sometimes years, and some (like Dizum's) have no expiry date at all ephemeral keys make remailing more secure.

Whether or not ephemeral keys are used within a TLS session depends on the cipher suite chosen. The Ephemeral Diffie-Hellman (EDH) ciphers use ephemeral keys. See Diffie-Hellman in SSL/TLS.

In the table below the submission column indicates that a mailserver accepts mails on port 587 (submission). The smtps column indicates that it accepts SSL connections on port 465 (smtps) for use with stunnel and similar. Some hosts also accept normal connections on port 2525 - this is indicated in the column 2525. Please note that some hosts may enforce the use of TLS on the submission port.

Stunnel can do STARTTLS using -n smtp or with protocol = smtp in your config file, depending on your version.

remailer	mail exchanger	priority	TLS	submission	smtps	2525	error/warning
banana <banana@mixmaster.mixmin.net>
	fleegle.mixmin.net	10	YES TLSv1.3 with cipher TLS_AES_256_GCM_SHA384	yes	no	yes

binski <mixmaster@binski.net>
	pimarq.binski.net	10	YES TLSv1.3 with cipher TLS_AES_256_GCM_SHA384	yes	no	yes

dizum <remailer@dizum.com>
	smtp.dizum.com	10	YES TLSv1.3 with cipher TLS_AES_256_GCM_SHA384	no	no	no

erie <mix@erienetworks.net>
	sept-huit.erienetworks.net	10	YES TLSv1.3 with cipher TLS_AES_256_GCM_SHA384	no	no	no

frannie <mix@franxial.com>
	dashe.franxial.com	15	YES TLSv1.3 with cipher TLS_AES_256_GCM_SHA384	no	no	yes

frell <godot@remailer.frell.eu.org>
	a6sy4mr4vpnnfhlop2vthsi4heaonouxtrat2hpz2dzbcf45twpxvzyd.onion	5	YES	no	no	no	Invalid argument
	mail2.frell.eu.org	10	YES TLSv1.3 with cipher TLS_AES_256_GCM_SHA384	yes	yes	yes

frell2 <godot2@remailer.frell.eu.org>
	a6sy4mr4vpnnfhlop2vthsi4heaonouxtrat2hpz2dzbcf45twpxvzyd.onion	5	N/A	no	no	no	Invalid argument
	mail2.frell.eu.org	10	YES TLSv1.3 with cipher TLS_AES_256_GCM_SHA384	yes	yes	yes

hsub <hsub@mixmaster.mixmin.net>
	fleegle.mixmin.net	10	YES TLSv1.3 with cipher TLS_AES_256_GCM_SHA384	yes	no	yes

ipsum <mix@eocto.net>
	ipsum.eocto.net	10	YES TLSv1.3 with cipher TLS_AES_256_GCM_SHA384	no	no	no

middleman <mix@middleman.remailer.online>
	remailer.online	0	YES TLSv1.3 with cipher TLS_AES_256_GCM_SHA384	no	no	no

paranoia <mixmaster@remailer.paranoici.org>
	remailer.paranoici.org	10	YES TLSv1.3 with cipher TLS_AES_256_GCM_SHA384	yes	yes	no

shalo <mix@shalo.ca>
	ecosse.shalo.ca	10	YES TLSv1.3 with cipher TLS_AES_256_GCM_SHA384	no	no	no

slow <slowmix@mixmaster.mixmin.net>
	fleegle.mixmin.net	10	YES TLSv1.3 with cipher TLS_AES_256_GCM_SHA384	yes	no	yes

This page was last updated on 15 Nov 2024.