Skip to content


Switch branches/tags

Name already in use

A tag already exists with the provided branch name. Many Git commands accept both tag and branch names, so creating this branch may cause unexpected behavior. Are you sure you want to create this branch?

Latest commit


Git stats


Failed to load latest commit information.
Latest commit message
Commit time

Email Analysis Toolkit (EAST)

Artifacts for the USENIX paper "Why TLS is better without STARTTLS: A Security Analysis of STARTTLS in the Email Context" (Pre-Print) by Damian Poddebniak¹, Fabian Ising¹, Hanno Böck², and Sebastian Schinzel¹. The Fake Mail Server and the Command Injection Tester were peer-reviewed in the USENIX'21 Call for Artifacts.

¹ Münster University of Applied Sciences, ² Independent Researcher

More information about our STARTTLS research can be found here:

Where is the Code?

This repository is a landing page. Head over to the "Email Analysis Toolkit" organization to find the EAST tooling:

Virtual Machine for Client Testing

In addition to the provided code, we provided a Ubuntu-based VirtualBox VM as a GitHub release to ease client testing. This Virtual Machine contains a nested QEMU Virtual Machine with the Thunderbird Version tested in the paper. For further information, see the GitHub releases.