SMTP - TLS

Transport Layer Security (similar to SSL) brings "Perfect Forward Secrecy" to Internet Email by encrypting SMTP traffic.

Even though most remailer messages are already encrypted, TLS provides added security because the key used in TLS sessions usually is ephemeral - i.e. it only exists for seconds and is destroyed immediately after use.

Since remailer keys are valid for months, sometimes years, and some (like Dizum's and Kroken's) have no expiry date at all ephemeral keys make remailing more secure.

Whether or not ephemeral keys are used within a TLS session depends on the cipher suite chosen. The Ephemeral Diffie-Hellman (EDH) ciphers use ephemeral keys. See Diffie-Hellman in SSL/TLS.

In the table below the submission column indicates that a mailserver accepts mails on port 587 (submission). The smtps column indicates that it accepts SSL connections on port 465 (smtps) for use with stunnel and similar. Some hosts also accept normal connections on port 2525 - this is indicated in the column 2525. Please note that some hosts may enforce the use of TLS on the submission port.

Stunnel can do STARTTLS using -n smtp or with protocol = smtp in your config file, depending on your version.

remailermail exchangerpriorityTLSsubmissionsmtps2525error/warning
austria <mixmaster@remailer.privacy.at>
  remailer.privacy.at 0 YES no no no
banana <banana@mixmaster.mixmin.net>
  fleegle.mixmin.net 10 YES
ECDHE-RSA-AES256-GCM-SHA384
yes no yes
ciambella <ciambella@miniguile.com>
  www1.miniguile.com 10 YES
ECDHE-RSA-AES256-GCM-SHA384
no no no
cloaked <mixmaster@cloaked.pw>
  esn.cloaked.pw 5 YES
ECDHE-RSA-AES256-GCM-SHA384
no no yes
congeries <mix@congeries.org.uk>
  congeries.org.uk 9 YES no no no
  rhea.easily.co.uk 10 NO no no no
devurandom <mixmaster@anonymitaet-im-inter.net>
  mail.anonymitaet-im-inter.net 10 YES no no no
dizum <remailer@dizum.com>
  smtp.dizum.com 10 YES no no no
eurovibes <mixmaster@eurovibes.org>
  mara.eurovibes.org 10 YES
ECDHE-RSA-AES256-GCM-SHA384
no no yes
fotonl1 <mixmaster@foto.nl1.torservers.net>
  foto.nl1.torservers.net 0 YES
ECDHE-RSA-AES256-GCM-SHA384
no no no
freierede <mixmaster@freie-re.de>
  freie-re.de 0 YES no no no
frell <godot@remailer.frell.eu.org>
  mail2.frell.eu.org 10 YES
ECDHE-RSA-AES256-GCM-SHA384
yes no yes
  bshc44ac76q3kskw.onion 5 N/A no no no Invalid argument
frell2 <godot2@remailer.frell.eu.org>
  mail2.frell.eu.org 10 YES
ECDHE-RSA-AES256-GCM-SHA384
yes yes yes
  bshc44ac76q3kskw.onion 5 N/A no no no Invalid argument
hsub <hsub@mixmaster.mixmin.net>
  fleegle.mixmin.net 10 YES
ECDHE-RSA-AES256-GCM-SHA384
yes no yes
inwtx <mix@inwtx.net>
  mail.inwtx.net 10 YES
ECDHE-RSA-AES256-GCM-SHA384
yes yes yes
kreti <mixmaster@hoi-polloi.org>
  mail.hoi-polloi.org 10 YES
ECDHE-RSA-AES256-GCM-SHA384
yes no no
kroken <remailer@kroken.de.eu.org>
  rooty.uni-boeblingen.de 0 YES
DHE-RSA-AES256-SHA
no no no
middleman <mix@middleman.remailer.online>
  remailer.online 0 YES no no no
paranoia <mixmaster@remailer.paranoici.org>
  remailer.paranoici.org 10 YES
ECDHE-RSA-AES256-GCM-SHA384
yes no no
  mx1.investici.org 50 N/A no no no connection refused
  mx5.investici.org 50 N/A no no no Invalid argument
redjohn <remailer@redjohn.net>
  mail.redjohn.net 0 YES no no no
roance <mixmaster@roance.net>
  roxy.roance.net 10 YES
ECDHE-RSA-AES256-GCM-SHA384
yes no no
slow <slowmix@mixmaster.mixmin.net>
  fleegle.mixmin.net 10 YES
ECDHE-RSA-AES256-GCM-SHA384
yes no yes
tncmm <mixmaster@tnetconsulting.net>
  tncsrv06.tnetconsulting.net 15 YES
ECDHE-RSA-AES256-GCM-SHA384
yes yes yes
  tncsrv05.tnetconsulting.net 20 yes no no no
  graymail.tnetconsulting.net 10 N/A no no no connection refused
  tarbaby.junkemailfilter.com 99 yes yes yes no


This page was last updated on 1 May 2019.