Von: Lindenberg Email Test Service <*********@lindenberg.one>
Gesendet: 20.03.2023 17:16
An: <*********@lindenberg.one>
Betreff: Test result for telekom.de

 

Connection History:
03.20.2023 15:58:12 - 15:58:12 (mailout21.telekom.de/mailout21.telekom.de/::ffff:194.25.225.215 -> Server 0, plain text, Mail):
    From: <M***y@telekom.de> To: <**************@lindenberg.one> Signatures:Unknown
03.20.2023 15:59:14 - 15:59:17 (mailout21.telekom.de/mailout21.telekom.de/::ffff:194.25.225.215 -> Server 0, plain text, Mail):
    From: <M***y@telekom.de> To: <**************@lindenberg.one> Signatures:Unknown
03.20.2023 16:01:18 - 16:01:19 (mailout21.telekom.de/mailout21.telekom.de/::ffff:194.25.225.215 -> Server 0, plain text, Mail):
    From: <M***y@telekom.de> To: <**************@lindenberg.one> Signatures:Unknown
03.20.2023 16:05:20 - 16:05:21 (mailout21.telekom.de/mailout21.telekom.de/::ffff:194.25.225.215 -> Server 0, plain text, Mail):
    From: <M***y@telekom.de> To: <**************@lindenberg.one> Signatures:Unknown
03.20.2023 16:13:22 - 16:13:23 (mailout21.telekom.de/mailout21.telekom.de/::ffff:194.25.225.215 -> Server 0, encrypted, Mail):
    From: <M***y@telekom.de> To: <**************@lindenberg.one> Signatures:Unknown

Analysis Sending of Email
Your mailserver does not use SNI, hence does not support RFC 7672 nor RFC 8461, and likely accepts any certificate when sending (bad).
Your mailserver was sending a mail (FROM/RCPT/DATA) without using STARTTLS first. Even though it may support RFC 7672 or RFC 8461, it does not enforce encryption (bad, but kind of normal).

Analysis Reception of Email
Domain telekom.de does not use DNSSEC with MX-Records (bad).
Domain telekom.de does not use DNSSEC with A-Records (bad).
Domain telekom.de does not use DNSSEC with TLSA-Records (bad).
Domain telekom.de does support STARTTLS (good).
Domain telekom.de does use valid certificates (good).
Domain telekom.de does not support qualified transport encryption (bad).
Domain telekom.de does not support RFC 7672 SMTP-DANE (bad).
Domain telekom.de does not support RFC 8461 MTA-STS (bad).