PerfectMail™ Antispam/Antivirus is a simple, accurate, and easy to use solution! FOLLOW US :
Toll Free: +1 888-451-3131
+1 905-451-9488

Thursday, November 22, 2012, 16:20

Enforcing TLS Encryption on Mail Traffic

Category: General

Solution ID: 00000188


How can I force TLS encryption on mail traffic to guarantee e-mail is being encrypted?


This can easily be configured using the Force Encrypt page (Domain Admin => Force Encrypt) on the PerfectMail User Interface.

When an e-mail message is sent between two mail servers, the sending server contacts the receiving server to begin a negotiation. Part of that negotiation is how the message will be sent by the sender to the receiver. The two domains start by trying to negotiate an encrypted connection using TLS/SSL. If the two servers fail to negotiate an encrypted connection, they will negotiate a plain text connection. The e-mail is sent once an encrypted or plain text connection has been negotiated.

PerfectMail Force Encrypt Feature

The behavior between PerfectMail™ and domains listed in the Force Encrypt table begin in the same manner as normal e-mail exchange. However, if the mail server hosting the external domain fails to negotiate an encrypted connection, PerfectMail will not allow the unencrypted message to be sent. The sender will receive an SMTP response message indicating that the message could not be sent.

When To Use Force Encrypt

It is possible for third parties to "listen in" on traffic between e-mail servers (domains). An e-mail that is sent in plain text provides no privacy for the sender or the receiver. If you have particularly sensitive data (e.g. financial or personal) that is regularly exchanged with a particular domain, you should have PerfectMail™ enforce an encrypted connection for all e-mail transmissions concerning that domain.

How To Configure Force Encrypt

To force encrypt e-mail traffic with an external domain; enter the domain, one entry per line, in the Force Encrypt Table of the PerfectMail user interface (Domain Admin => Force Encrypt). You may use domain names, IP addresses and IP address ranges.

For example:

Tags: configuration, settings, security, tls, ssl, encryption, forcing, enforcing, validating

See Also:

Link to this article: kb/enforcing_tls_email_encryption

Updated: Thursday, November 22, 2012, 16:20

-- David Rutherford


No comments yet.


Last modified: 2012-11-22, 16:20

© 1999-2013 PerfectMail