Tag: TLS

Secure email transfers rely not only on the security of the connection between the email client and the email server but also on secure connections between servers. Many popular and often free email services offer secure end user interfaces (e.g. GMAIL), but neglect to secure back end communication. That means that emails sent to or from the service’s mail servers are transmitted in plain text. While this probably doesn’t matter to most people, it is the equivalent of keeping your mailbox at home secured with a double-lock, but sending and receiving postcards that everyone along the way would be able to read.

To secure the server to server transfer of emails, the provider needs to enable a technology called Transport Layer Security (TLS). Using this requires more processing power and bandwidth than plain text emails, which is why many email providers try to reduce operating costs by not enabling this feature.

To check if your email address or the email address of a contact is secure, go to: www.ismymailsecure.com, enter your address then click “Submit Query”.

An example of a secure address is: [email protected], an example of an insecure address is [email protected].

NOTE: As this is a 3rd party service, we recommend against entering your full address. If your address is ‘[email protected]‘ you should enter a random address before the @ sign, for example: [email protected].

TLS (Transport Layer Security) is the mechanism by which two email servers, when communicating, can automatically negotiate an encrypted channel between them so that the emails transmitted are secured from eavesdroppers.

It is becoming ever more important to use a company that supports TLS for email transmission as more and more banks, health care, and other organizations who have any kind of security policy are requiring their vendors and clients to use this type of encryption for emailed communications with them. Additionally, if your email provider supports TLS for email transmission, and you are communicating with people whose providers do also, then you can be sure that all of the email traffic between you and them will be encrypted.

How do you find out if someone to whom you are sending email uses a provider who’s servers support TLS-encrypted communications? We will take you through the whole process step-by-step, but first let us note some important truths about TLS connection encryption.

1. The use of TLS encryption is negotiated/determined each and every time two servers connect to each other to transmit your email.
2. Just because a server supports TLS today, does not mean that it will tomorrow — server configurations can change and mistakes can be made.You can, however, be sure that an email will never be sent to someone without TLS – see Enforcing Email Security with TLS when Communicating with Banks.
3. If your email is passed between more than one server, then the security of each server-to-server connection along the way needs to be negotiated separately.
4. Only the recipient’s externally facing email servers can be checked for TLS support. There is no way of checking the back-end servers of a service provider’s email system to make sure TLS is supported all the way to delivery to the recipient’s mailbox.
5. Even if the sender’s email servers and the recipient’s email servers are configured to use TLS, both parties still need to configure their email clients to connect securely to their respective servers (for the initial sending of the message, and for the final download and viewing of the message) in order to ensure that the email message is transmitted securely during its entire trek from sender to receiver.

Continue reading “How to tell if a server support TLS for secure email transmission”