Secure Email

The Red Arrow

Email security has three obvious parts: your end, their end, and the Internet in the middle. You control your end, they control their end, but that middle part is "cloudy" (pardon the pun).

Organizations know they need that "cloudy" part to be secure, but many ignore the problem because they think it's hard and/or they don't know how to get started.

Internet Email Security May Be Easier Than You Think

Most email systems can encrypt email in compliance with US NIST, HIPAA, HITECH, PCI DSS, Sarbanes-Oxley, GLBA, SB1386, SEC 17a-4, NASD3010, FRCP, FINRA, etc. Check yours:

(You may need to whitelist we will not keep or use your address, see our privacy policy)

If your Confidence Factor℠ was 90 or better, your email has the necessary strong encryption required by these security standards. All you have to do is make sure your email is using that encryption.

If your Confidence Factor℠ was less than 90, you're in the right place. The tools and information on this site will help you get there. See Solve Email Problems for more information.

Email Security Compliance May Be Easy Too

As long as your existing email uses strong enough encryption to communicate Protected Information over the Internet, it meets your security compliance requirements. So once you know your email can do the required strong encryption, you just have to make sure it does.

Verified TLS℠

Verified TLS℠ makes sure your email uses and continues to use encryption. Verified TLS℠ makes your existing email security compliant.

Required or Not, Secure Email is Important

Even if your organization is not required to comply with one of the listed rules and regulations, you certainly communicate information you do not want just anyone to see. Use Verified TLS℠ to make sure your email is protected.

Yes, There is More

The test above scores how well your email system receives email. How well does it send email? How about where you send sensitive information: your customers and vendors. How well do they receive your emails?

See Secure Email Compliance for more information.

And, back to the Red Arrow, we realize that your part, your green arrow above, has data encryption at rest, data retention, data protection, data destruction, and other ramifications. We just make Secure Email Internet Transport easy. We are the Red Arrow.

CheckTLS Offers

Commercial Services are a very low cost solution for HIPAA compliance or other security mandates. No devices, no on-line services — just add verification and audit to your existing email systems!

Email Tools are quick and easy tools to test email and email security, specifically TLS encryption.

Cloud Tools are network "wire" tools that we have invented to work "in the cloud". Capture packets or analyze protocols out on the Internet.

Web Service API lets you use CheckTLS in your own data processing.

Embed API lets you put CheckTLS on your own intranet or public web site.

Much of our site is free for casual, non-commercial use.

Commercial Services


We are part of the security policies and operations of some very large and prestigious financial institutions, health care systems, insurance companies, and law firms. Why? Two reasons: our tests work and we save them money!

Secure Your Company Email

You can use CheckTLS instead of expensive email appliances or on-line email services to meet internal security requirements, contractual security requirements, and government security requirements. One less moving part in your email chain and one less expense. Our tests are a very inexpensive answer to PHI (HIPAA/HITEST), PCI-DSS, PII, US NIST requirements.

If you already have extra in-line or on-line email security, CheckTLS can verify they're working and monitor them to be sure they keep working. A few extra bucks a month to make sure all that sophisticated stuff is working.

Protect Your Company from Your Business Partners

Use CheckTLS to make sure your trading partners are secure enough to do business with you. As part of your new vendor and new customer process, verify that their email scores a Confidence Factor of 90 or above on our receiver test.

Broadly Applicable

Whether you are a small shop that needs something simple and low cost, a medium business that needs to beef up security to meet increasing scrutiny by your trading partners, or an enterprise organization that wants some oversight of many security facets, CheckTLS can solve many of your security challenges faster, easier, and at significantly less cost.


Our tests are non-invasive, non-intrusive, and non-obtrusive. They require no changes to your or any other system. They cause no extra processing and should not trip any security alarms.


Our tests are simple, open, and proven. For six years we have been doing over a million tests a year. We research all questionable results, and we welcome feedback and suggestions. You can turn up the detail and audit everything we do.

Business Benefits
  • Email security at low cost, easy install, no risk
  • Safeguard "Protected" information: PHI, PCI, PII, etc.
  • Monitor your email from the Internet
  • Add regular, independent verification to your Security Policy
  • No changes to your email: no devices or routing
  • Good first step into email security
  • Good next step no matter how advanced your security devices and services
  • Demonstrates effort and consideration of security
  • We can help with your security designs and documentation
Business Users Have Priority
  • Run tests faster and at a higher priority
  • Program multiple tests, save them, and run them on a schedule
  • Monitor CheckTLS and your email (fail-safe monitoring)
  • Add custom test and/or monitor icons on your desktop or your phone
  • Use the CheckTLS API to automate testing and interface with your IT
  • Receive unlimited support
  • Meet requirements for Protected Information (PHI, PCI, PII, NIST, etc.)
  • Assistance and sample language for HIPAA and other compliance

Sleep better knowing someone else is watching over your email.

Email and Cloud Tools