SMTP - TLS

Even though usual remailer mail is already encrypted, TLS adds security because the key used in TLS sessions usually is ephemeral - i.e. it only exists for seconds and is destroyed immediatly after use. Whether or not short-lived keys are used depends on the cipher suite chosen. (The EDH (Ephemeral Diffie-Hellman) ciphers use ephemeral keys.)

Ephemeral keys make it impossible to decrypt data which was eavesdropped at one time by compromising a remailer's key later.

Since remailer keys are valid for weeks, sometimes years, this makes remailing more secure.

The submission column indicates that a mailserver acceps mails on port 587 (submission). The smtps column that it accepts SSL connections on port 465 (smtps) for use with stunnel and similar. Some hosts also accept normal connections on port 2525 - this is indicated in the column 2525. Please note that some hosts may enforce the use of TLS on the submission port.

Stunnel can do STARTTLS using -n smtp or with protocol = smtp in your config file, depending on your version.

See the Encrypted Email - TLS/SSL on mixmin for a howto on using stunnel on Windows with Quicksilver and JBN2.

remailer	mail exchanger	priority	TLS	submission	smtps	2525	error/warning
anon <[email protected]>
	anonusa.net	0	YES ECDHE-RSA-AES256-GCM-SHA384	yes	yes ECDHE-RSA-AES256-GCM-SHA384	no
austria <[email protected]>
	remailer.privacy.at	0	YES ECDHE-RSA-AES256-GCM-SHA384	no	no	no
banana <[email protected]>
	fleegle.mixmin.net	10	YES ECDHE-RSA-AES256-GCM-SHA384	yes	no	yes
brabus <[email protected]>
	brabus.remailer.org.uk	0	no	yes	no	no
congeries <[email protected]>
	congeries.org.uk	9	YES ECDHE-RSA-AES256-GCM-SHA384	no	no	no
	rhea.easily.co.uk	10	no	no	no	no
devurandom <[email protected]>
	mail.anonymitaet-im-inter.net	10	YES ECDHE-RSA-AES256-GCM-SHA384	no	no	no
dizum <[email protected]>
	smtp.dizum.com	10	YES ECDHE-RSA-AES256-GCM-SHA384	no	no	no
eurovibes <[email protected]>
	mara.eurovibes.org	10	YES ECDHE-RSA-AES256-GCM-SHA384	no	no	no
fotonl1 <[email protected]>
	foto.nl1.torservers.net	0	YES ECDHE-RSA-AES256-GCM-SHA384	no	no	no
freierede <[email protected]>
	freie-re.de	0	YES ECDHE-RSA-AES256-GCM-SHA384	no	no	no
frell <[email protected]>
	bshc44ac76q3kskw.onion	5	N/A	no	no	no	query failed: NXDOMAIN
	mail2.frell.eu.org	10	YES ECDHE-RSA-AES256-GCM-SHA384	yes	yes ECDHE-RSA-AES256-GCM-SHA384	yes
frell2 <[email protected]>
	bshc44ac76q3kskw.onion	5	N/A	no	no	no	query failed: NXDOMAIN
	mail2.frell.eu.org	10	YES ECDHE-RSA-AES256-GCM-SHA384	yes	yes ECDHE-RSA-AES256-GCM-SHA384	yes
holland <[email protected]>
	holland.remailer.nl	0	no	yes	no	no
hsub <[email protected]>
	fleegle.mixmin.net	10	YES ECDHE-RSA-AES256-GCM-SHA384	yes	no	yes
kreti <[email protected]>
	mail.hoi-polloi.org	10	YES DHE-RSA-AES256-GCM-SHA384	yes	yes DHE-RSA-AES256-GCM-SHA384	no
kroken <[email protected]>
	rooty.uni-boeblingen.de	123	YES DHE-RSA-AES256-SHA	no	no	no
lambton <[email protected]>
	ppna.lambton.org	10	YES ECDHE-RSA-AES256-GCM-SHA384	yes	no	no
lisbeth <[email protected]>
	placid.loadmx.net	0	YES ECDHE-RSA-AES256-GCM-SHA384	yes	no	yes
lulunga <[email protected]>
	remailer.cypherpunks.to	100	YES ECDHE-RSA-AES256-GCM-SHA384	no	no	no
paranoia <[email protected]>
	remailer.paranoici.org	10	YES ECDHE-RSA-AES256-GCM-SHA384	yes	yes ECDHE-RSA-AES256-GCM-SHA384	no
	mx5.investici.org	50	N/A	no	no	no	query failed: NXDOMAIN
	mx1.investici.org	50	N/A	no	no	no	Cannot connect: Connection timed out
redjohn <[email protected]>
	mail.redjohn.net	0	YES ECDHE-RSA-AES256-GCM-SHA384	no	no	no
roance <[email protected]>
	roxy.roance.net	0	YES ECDHE-RSA-AES256-GCM-SHA384	yes	no	no
senshi <[email protected]>
	mx01.emig.gmx.net	10	YES ECDHE-RSA-AES128-GCM-SHA256	no	no	no
	mx00.emig.gmx.net	10	YES ECDHE-RSA-AES128-GCM-SHA256	no	no	no
slow <[email protected]>
	fleegle.mixmin.net	10	YES ECDHE-RSA-AES256-GCM-SHA384	yes	no	yes

Built at Sun Oct 22 20:09:58 2017.