Thursday, November 22, 2012, 16:20
Solution ID: 00000188
How can I force TLS encryption on mail traffic to guarantee e-mail is being encrypted?
This can easily be configured using the Force Encrypt page (Domain Admin => Force Encrypt) on the PerfectMail User Interface.
When an e-mail message is sent between two mail servers, the sending server contacts the receiving server to begin a negotiation. Part of that negotiation is how the message will be sent by the sender to the receiver. The two domains start by trying to negotiate an encrypted connection using TLS/SSL. If the two servers fail to negotiate an encrypted connection, they will negotiate a plain text connection. The e-mail is sent once an encrypted or plain text connection has been negotiated.PerfectMail Force Encrypt Feature
The behavior between PerfectMail™ and domains listed in the Force Encrypt table begin in the same manner as normal e-mail exchange. However, if the mail server hosting the external domain fails to negotiate an encrypted connection, PerfectMail will not allow the unencrypted message to be sent. The sender will receive an SMTP response message indicating that the message could not be sent.When To Use Force Encrypt
It is possible for third parties to "listen in" on traffic between e-mail servers (domains). An e-mail that is sent in plain text provides no privacy for the sender or the receiver. If you have particularly sensitive data (e.g. financial or personal) that is regularly exchanged with a particular domain, you should have PerfectMail™ enforce an encrypted connection for all e-mail transmissions concerning that domain.How To Configure Force Encrypt
To force encrypt e-mail traffic with an external domain; enter the domain, one entry per line, in the Force Encrypt Table of the PerfectMail user interface (Domain Admin => Force Encrypt). You may use domain names, IP addresses and IP address ranges.
their_domain.com 188.8.131.52 184.108.40.206/24
Tags: configuration, settings, security, tls, ssl, encryption, forcing, enforcing, validating
Link to this article: kb/enforcing_tls_email_encryption
Updated: Thursday, November 22, 2012, 16:20
-- David Rutherford