Name and Shame

A small collection of highly useful sites, all of them suited to checking the security of services and, eventually, convincing them to improve it. After all, it is your security & privacy they should protect first & foremost, right?

Web:
SSLLabs – check the SSL/TLS security of any website.

Securityheaders.io – check if a website uses proper security headers to protect its content.

ASafaWeb – check whether a website is doing things correctly.

https://shaming.tumblr.com/ – (blog) websites that ask you to log in using an unencrypted connection.

Mail:
https://starttls.info – Do a domain's mail servers offer RFC 3207 SMTP STARTTLS for opportunistic and user-transparent email encryption?

https://dane.sys4.de – Does a domain use DNSSEC, have they published DANE TLSA records for highly secure email encryption, and does it work?

https://mxtoolbox.com/spf.aspx – Does a domain provide SPF records in DNS, to lower the risk of that domain being abused for sending spam to others?

http://dkimvalidator.com/ – Check a domain for DKIM, SPF and SpamAssassin configuration

DNSSEC:
dnssec-name-and-shame.com – Does a domain use DNSSEC, and are they doing it correctly?

Password policies:
http://password-shaming.tumblr.com/ – (blog) websites with weird password policies

https://insecurityq.wordpress.com/ – (blog) websites with insecure "security questions"

http://plaintextoffenders.com/ – Does the website send you your password by plaintext email?