Sometimes you need to find out if a remote mailserver is offering TLS. But how can you check that?
At first you need to find out the MX Server from the email domain. In this example here we will check that for @gmail.com.
1.) Open a CMD (start -> run -> CMD) and type in (in the blackbox you see)
nslookup
2.) after that the system will promp your for input:
C:\Users\adminenclave>nslookup
Default Server:Â fritz.box
Address:Â 192.168.168.1
>
 So type in
 set q=all
 to get all informations.
3.) Now you need to type in the hostname. Since we will check google mail for TLS we need to enter
gmail.com
after some time you will see the following (maybe similar) in your box:
> set q=all
> gmail.com
Server:Â fritz.box
Address:Â 192.168.168.1
Non-authoritative answer:
gmail.com      text =
       "v=spf1 redirect=_spf.google.com"
gmail.com      internet address = 173.194.69.19
gmail.com      internet address = 173.194.69.17
gmail.com      internet address = 173.194.69.83
gmail.com      internet address = 173.194.69.18
gmail.com      nameserver = ns1.google.com
gmail.com      nameserver = ns3.google.com
gmail.com      nameserver = ns4.google.com
gmail.com      nameserver = ns2.google.com
gmail.com      MX preference = 20, mail exchanger = alt2.gmail-smtp-in.l.google
.com
gmail.com      MX preference = 30, mail exchanger = alt3.gmail-smtp-in.l.google
.com
gmail.com      MX preference = 5, mail exchanger = gmail-smtp-in.l.google.com
gmail.com      MX preference = 10, mail exchanger = alt1.gmail-smtp-in.l.google
.com
gmail.com      MX preference = 40, mail exchanger = alt4.gmail-smtp-in.l.google
.com
ns3.google.com internet address = 216.239.36.10
ns4.google.com internet address = 216.239.38.10
ns2.google.com internet address = 216.239.34.10
ns1.google.com internet address = 216.239.32.10
alt3.gmail-smtp-in.l.google.com internet address = 209.85.225.27
gmail-smtp-in.l.google.com     internet address = 173.194.69.27
alt1.gmail-smtp-in.l.google.com internet address = 74.125.127.27
alt4.gmail-smtp-in.l.google.com internet address = 74.125.130.26
alt2.gmail-smtp-in.l.google.com internet address = 173.194.77.27
>
4.) now check for the lowest value from “MX preference” in the example above it is “5”. Copy the value from “mail exchanger” to the clipboard which is “gmail-smtp-in.l.google.com”.
5.) Now open a 2nd CMD and type in:
telnet gmail-smtp-in.l.google.com 25
6.) If you got a connection to the mailserver above you see the follwing now (might be different in your screen):
220 mx.google.com ESMTP fw3si14285515bkc.0
7.) Now you need to introduce yourself. This is done via EHLO <hostname> in our example above we made it a little bit easy and use the google server name itself here.
There are some antispam systems arround there which will not allow that! They will allow a connection only from a real mailserver!
So type in the box the following:
EHLO gmail-smtp-in.l.google.com
8.) After that you should get the following (which might be also different in your screen):
220 mx.google.com ESMTP fw3si14285515bkc.0
EHLO gmail-smtp-in.l.google.com
250-mx.google.com at your service, [78.53.191.255]
250-SIZE 35882577
250-8BITMIME
250-STARTTLS
250 ENHANCEDSTATUSCODES
 For us the “STARTTLS” is that what we are looking for. If we can see that, it means the server we are connected to is offering TLS. So for gmail.com it means TLS is offered by at least one primary server. To be sure every server supports TLS we need to do the same steps for the other ones (with lower “MX preference” settings).
