SMTP TLS (Transport Layer Security for email delivery) is a mechanism email servers can use to pass email between themselves in a secure manner. In essence, two servers which both support TLS first establish an encrypted channel of communications and then they pass email through it, ensuring that the messages are secured during transmission between the servers, even if the messages themselves were not already encrypted.

  • Encryption of email during transmission from you to LuxSci
  • Encryption of email during transmission from LuxSci to supporting recipients
  • Message "emerges" from the encrypted channels at the recipient's email server and subsequently appears and behaves like a "normal email message".

SMTP TLS is great when your recipients email servers support it. However, some recipient's servers do not (how to tell, TLS support checker tool) — for these, other modes of SecureLineTM, such as Escrow, will be automatically used when encryption is required.

Opportunistic TLS and Forced TLS

Opportunistic TLS
Email message is delivered to the recipient server over a TLS-secured channel if the recipient server supports it. If not, the message is delivered over an unsecured channel.

All messages sent by all LuxSci users (including those not using SecureLineTM encryption) always employ "Opportunistic TLS", unless "Forced TLS" is in use.

Forced TLS
Email message is delivered to the recipient server over a TLS-secured channel if the recipient server supports it. Otherwise, the message is automatically sent via Escrow or PGP or S/MIME to ensure that the message content is never delivered insecurely.
TLS Exclusive
A LuxSci-exclusive TLS sending feature. TLS Exclusive is just like Forced TLS, except that messages that can't go TLS are just dropped. This is ideal for low-importance email that must still be compliant. E.g., email marketing email in healthcare. In such cases, the ease of use of TLS is more important than the actual receipt of the message.

With SecureLineTM, you can take advantage of the simplicity of TLS encryption when it is possible and know that security will "fall back" to another method when it is not possible or when the recipient's servers no longer support it.

Forced TLS for Banks

When communicating with many companies (such as banks), "Opportunistic TLS" is insufficient. These organization REQUIRE you to never send them email if it is insecure, even if that is because their own servers are broken. "Forced TLS" handles this.

If you communicate with an organization, like Bank of America, that requires enforced TLS (but where you do not otherwise need to use SecureLineTM encryption services), LuxSci can ensure that all email to that organization goes over TLS or is never sent. SecureLineTM licenses are not even required for this — only an official request for that from your recipients.

SecureLineTM SMTP Forced TLS Features

Feature
Meets HIPAA Requirements
Use TLS automatically if the recipient's server support's it?
Never send messages insecurely to servers not supporting TLS?
Never send messages insecurely to servers with broken TLS?
Never use TLS with servers providing weak (less than 128bit) encryption?
SMTP MTA-STS support?
Encrypt messages from you to LuxSci servers?
Encrypt messages from LuxSci servers to your recipient's servers?
Messages appear in the recipient's INBOX like other normal email messages?
Send from LuxSci WebMail?
Send from any SMTP program or device (e.g. Outlook, Thunderbird, iPhone)?
TLS Exclusive (optional)

eBook: HIPAA-compliant Email Basics

Safeguarding your healthcare practice and protecting patient privacy

Book 1 in the LuxSci Internet Security Series.

Created by Erik Kangas, PhD

Get the HIPAA eBook

We were looking for a reliable host, with emphasis on securing our client's data, and LuxSci was a great fit. The LuxSci team is superb with their support, always quick, very responsive and highly professional. The server itself is robust and fast. And most importantly, it provides the level of security we were looking for."

Nicole Hiegl . Site administrator, skinpick.com and trichstop.com