Feature Request: Include TLS Cipher Suites and eccurve information in Email Headers #811
Description
Use case
Displaying information such as the TLS cipher suites and elliptic curves (ECC) negotiated with other SMTP servers in email headers can help us study and understand the adoption of state-of-the-art cryptography in transport. This information can be invaluable for optimizing our configuration over time to ensure stronger and more secure transport over TLS.
How it currently looks in Maddy's and in email headers of other servers including popular service providers
Maddy [for incoming from Fastmail]:
Received: from fout-b3-smtp.messagingengine.com
(fout-b3-smtp.messagingengine.com [202.12.124.146]) by
mail.nixsanctuary.com (envelope-sender x@fastmail.fm) with ESMTPS id
4f52b211; Wed, 07 Jan 2026 12:45:19 +0900
Maddy [for incoming from Gmail]:
Received: from mail-lj1-x236.google.com (mail-lj1-x236.google.com
[2a00:1450:4864:20::236]) by mail.nixsanctuary.com (envelope-sender
x@gmail.com) with ESMTPS id a7a57637; Sun, 04 Jan 2026 23:01:51
+0900
Proton [for incoming from Maddy]:
Received: from mail.nixsanctuary.com (mail.nixsanctuary.com [158.51.x.x]) (using
TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (No
client certificate requested) by mailinosl103.protonmail.ch (Postfix) with ESMTPS id
4dmF320HY3z3P for x@protonmail.com; Wed,
7 Jan 2026 04:11:25 +0000 (UTC)
Gmail [for incoming from Maddy]:
Received: from mail.nixsanctuary.com (mail.nixsanctuary.com. [2602:fd6f:100:6a::a])
by mx.google.com with ESMTPS id 41be03b00d2f7-c4cbdd5b9c9si5705685a12.100.2026.01.06.20.15.08
for x@privatxxx.se
(version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128);
Tue, 06 Jan 2026 20:15:11 -0800 (PST)
Hetzner Exim Server [for incoming from Maddy]:
Received: from mail.nixsanctuary.com ([2602:fd6f:x:x::x])
by www186.your-server.de with esmtps (TLS1.3) tls TLS_AES_256_GCM_SHA384
(Exim 4.96.2)
(envelope-from x@manish.xx)
id 1vciUD-000LPj-0M
for x@bluexxx.net;
Mon, 05 Jan 2026 12:10:59 +0100
Microsoft's Outlook [for incoming from Maddy]:
Received: from mail.nixsanctuary.com (2602:fd6f:x:x::x) by
DU2PEPF00028D00.mail.protection.outlook.com (2603:10a6:18:3::6b8) with
Microsoft SMTP Server (version=TLS1_3, cipher=TLS_AES_256_GCM_SHA384) id
15.20.9478.4 via Frontend Transport; Wed, 7 Jan 2026 04:15:10 +0000
Your idea for a solution
I really like how Proton displays TLS cipher suites and eccurve information in email headers.
TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256)
Maybe we can implement the same in Maddy's email headers for incoming emails.
Thank you!
Regards.