Welcome to STARTTLS Scanner.

STARTTLS Scanner is a project of Virginia Tech. We currently collect certificates served by SMTP servers that support STARTTLS and DANE.

Our goal is to perform a comprehensive active measurement of DANE-supporting mail servers in order to track and analyze their usage and deployment.

Problem Reporting

If you are a mail server operator and you believe that your mail servers may be experiencing problems due to our measurements, please consult the information below on what you can expect to see from us, how you can contact us, and as a last resort how you can block our traffic.

We thank you in advance for working with us to resolve any issues, and apologize in advance if we have inadvertently caused any problems through our measurement.

What can mail server operators expect?

Mail servers

You can expect that our measurement system will collect a single certificate using a STARTTLS command once a day from a single IP address. We do not send any emails to the mail servers, but just fetch the certificate.
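An operator can check local logs against this stated behaviour (one STARTTLS session per day per address, with no mail transaction). The following is an added example, not code from the STARTTLS Scanner project. It assumes Postfix 3.x `smtpd` logs, whose `disconnect from` lines carry per-session command counts; the addresses, host name and log lines are constructed.

```python
import re
from collections import defaultdict

# Constructed Postfix smtpd log lines; the addresses are documentation ranges, not scanner IPs.
SAMPLE_LOG = """\
May 01 03:12:07 mx1 postfix/smtpd[2101]: disconnect from unknown[192.0.2.10] ehlo=2 starttls=1 quit=1 commands=4
May 01 09:40:55 mx1 postfix/smtpd[2188]: disconnect from mail.example.net[198.51.100.7] ehlo=2 starttls=1 mail=1 rcpt=1 data=1 quit=1 commands=7
May 01 11:02:31 mx1 postfix/smtpd[2240]: disconnect from unknown[203.0.113.5] ehlo=1 auth=0/3 commands=1/4
May 02 03:11:58 mx1 postfix/smtpd[3310]: disconnect from unknown[192.0.2.10] ehlo=2 starttls=1 quit=1 commands=4
"""

# Captures: day ("May 01"), client IP, and the trailing "name=count" statistics.
DISCONNECT = re.compile(
    r"^(\w{3}\s+\d+) \S+ \S+ postfix/smtpd\[\d+\]: disconnect from \S*\[([^\]]+)\] (.*)$"
)
MAIL_COMMANDS = ("mail", "rcpt", "data", "bdat")  # any of these means a mail transaction


def parse_stats(text):
    """Turn 'ehlo=2 starttls=1 auth=0/3' into {'ehlo': 2, 'starttls': 1, 'auth': 0}."""
    stats = {}
    for item in text.split():
        name, _, value = item.partition("=")
        if value:
            stats[name] = int(value.split("/")[0])  # 'ok/total' -> successful count
    return stats


def cert_only_sessions(log_text):
    """Map client IP -> {day: count} for sessions that negotiated STARTTLS but sent no mail."""
    seen = defaultdict(lambda: defaultdict(int))
    for line in log_text.splitlines():
        match = DISCONNECT.match(line)
        if not match:
            continue
        day, ip, stats = match.group(1), match.group(2), parse_stats(match.group(3))
        if stats.get("starttls", 0) >= 1 and not any(stats.get(c, 0) for c in MAIL_COMMANDS):
            seen[ip][day] += 1
    return {ip: dict(days) for ip, days in seen.items()}


def exceeds_daily_rate(sessions, limit=1):
    """Return the IPs with more than `limit` certificate-only sessions on any single day."""
    return sorted(ip for ip, days in sessions.items() if any(n > limit for n in days.values()))


if __name__ == "__main__":
    sessions = cert_only_sessions(SAMPLE_LOG)
    print(sessions, exceeds_daily_rate(sessions))
```

An address that appears in `exceeds_daily_rate` is connecting more often than the once-a-day pattern described above.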

DNS authoritative servers

You can expect that our measurement system will send a single DNS query (TLSA record lookup) once a day from one IP address to fetch TLSA records.

What should I do if the measurement impacts my infrastructure?

If you think our measurement is adversely impacting your infrastructure, please contact us so that we can try to resolve the problem. We would highly appreciate it if you could send us the following information:

Upon receiving the information above, we will stop sending any queries and fetching certificates from the DNS servers and mail servers.

Response time

We are in the EDT time zone (Eastern Time, UTC-4). We try to answer any request concerning problems within one business day. If you need our urgent attention, please include “[URGENT]” in the subject line of any e-mail you send us.