SMTP TLS: All About Secure Email Delivery over TLS
TLS stands for “Transport Layer Security” and is the successor of “SSL” (Secure Socket Layer). TLS is one of the standard ways that computers on the internet transmit information over an encrypted channel. In general, when one computer connects to another computer and uses TLS, the following happens:
- Computer A connects to Computer B (no security)
- Computer B says “Hello” (no security)
- Computer A says, “Let’s talk securely over TLS” (no security)
- Computer A and B agree on how to do this (secure)
- The rest of the conversation is encrypted (secure)
- The meat of the conversation is encrypted
- Computer A can verify the identity of Computer B (by examining its SSL certificate, which is required for this dialog)
- The conversation cannot be eavesdropped upon (without Computer A knowing)
- A third party cannot modify the conversation
- Third parties cannot inject other information into the conversation.
TLS and SSL are used for many different reasons on the internet and help make the internet a more secure place. One of the popular uses of TLS is SMTP for securely transmitting email messages between servers. See also:
Secure Email Delivery over TLS with SMTP
The mechanism and language (i.e., protocol) by which one email server transmits email message(s) to another email server is called SMTP (Simple Mail Transport Protocol). For a long time, email servers have had the option of using TLS to transparently encrypt the message transmission from one server to the other.
Use of TLS with SMTP, when available, ensures that the message contents are secured during transmission between the servers.
Not all servers support TLS!
The use of TLS requires that the server administrators:
- purchase of one or more SSL certificates
- configure the email servers to use them (and keep these configurations updated)
- allocate additional computational resources on the email servers involved.
For these reasons, many email providers, especially free or public ones, have not supported TLS. Over the last five years, however, the trend has been to add TLS everywhere. Now, most providers support TLS — 82.3% of domains tested as of July 2018.
For TLS transmission to be used, the destination email server must “advertise” support for TLS (see: How to Tell Who Supports TLS for Email Transmission), and the sending computer or server must be configured to use TLS connections when possible.
The sending computer or server could be configured for:
- No TLS — never use it.
- Opportunistic TLS — use it if it is available; if not, send insecurely.
- Forced TLS — use TLS or do not deliver the email at all
How Secure is Email Delivery over SMTP TLS?
TLS protects the transmission of the content of email messages. It does nothing to protect the security of the message before it is sent or after it arrives at its destination. For that, other encryption mechanisms may be used, such as PGP, S/MIME, or storage in a secure portal.
However, transmission security is all that is minimally required of many organizations (i.e., banks and healthcare) when sending to customers. In such situations, enforced use of TLS is an excellent alternative to more robust and less user-friendly encryption methods (like PGP and S/MIME) and can prevent the insecure delivery of email.
The transmission itself is as secure as can be negotiated between the sending and receiving servers. If they both support strong encryption (e.g., AES 256), then that will be used. If not, a weaker grade of encryption may be used. The sending and receiving servers can choose what kinds of encryption they will support — and if there is no overlap in what they support, then TLS will fail (this is rare).
There are other deficiencies in how SMTP TLS is implemented in practice by most email servers on the internet. For example, TLS certificates are generally not validated, leaving SMTP TLS open to active man-in-the-middle attacks. For more information, see Stronger Email Security with Strict Transport Security.
What about Replies to Secure Messages?
Let’s say you send a message to someone that is delivered to their inbox over TLS. That person then replies to you. Will that reply be secure? This may be important if you are communicating sensitive information. The reply will use TLS for security only if:
- The recipient’s servers support TLS for outbound email (there is no way to test this externally).
- The mail servers (where the “From” or “Reply” email address is hosted) support TLS for inbound email.
- Both servers support overlapping TLS ciphers and protocols so they can agree on a mutually acceptable means of encryption.
Unless familiar with the providers in question, it cannot be assumed that such replies will use TLS. There are two ways of looking at this problem:
- Conservatively. If replies must be secure in all cases, then assuming TLS will be used is not a reasonable assumption. In this case, a service should be used (like SecureLine Escrow) whereby the messages are encrypted and stored in a secure portal. The recipient must go there to view the message and reply securely. Or set up PGP or S/MIME for additional security.
- Aggressively. In some compliance situations like HIPAA, it can be argued that it is up to the sender to send messages securely if needed. While doctors need to ensure that ePHI is sent securely to patients, patients are not beholden to HIPAA and can send their information insecurely to anyone they want. So, if the patient’s reply is insecure, that could be okay. If the recipient is another organization that falls under the HIPAA umbrella, then it is up to them to ensure that everything they send (e.g., their replies) is secure. For these reasons, and because using TLS for email security is so “easy,” many do not worry about the security of email replies. However, this should be a “Risk Factor” that you consider in any internal security audit. Is the risk of insecure replies worth the possible data exposure in your organization’s practices. If you fall under HIPAA, are you encouraging insecure replies?
What is new with SMTP TLS?
SMTP TLS has been around for a long time and has recently seen a great deal of adoption. However, it has some deficiencies:
- There is no mandatory support for TLS in the email system;
- A receiver’s support of the SMTPTLS option can be trivially removed by an active man-in-the-middle because TLS certificates are not actively verified. In such cases, opportunistic TLS will deliver messages securely, and forced TLS will not deliver the message.
- Encryption is not used if any aspect of the TLS negotiation is undecipherable/garbled. It is very easy for a man-in-the-middle to inject garbage into the TLS handshake (which is done in clear text) and have the connection downgraded to plain text (opportunistic TLS) or have the connection fail (forced TLS).
- Even when the SMTP TLS is offered and accepted, the certificate presented during the TLS handshake is usually not checked to see if it is for the expected domain and unexpired. Most MTAs offer self-signed certificates as a pro forma. Thus, in many cases, one has an encrypted channel to an unauthenticated MTA, which can only prevent passive eavesdropping. Why? Because this is still better than plain text email delivery.
There are new solutions that help remedy these issues. For example, SMTP Strict Transport Security. SMTP STS enables recipient servers to publish in DNS information about their SMTP TLS support. This prevents man-in-the-middle downgrades to plain text delivery, ensures more robust TLS protocols are used and can enable certificate validation. Unfortunately, SMTP STS is still only an internet draft specification and is not yet widely used. Fortunately, enabling SMTP STS does not hurt compatibility with systems that do not yet support it.
What about Secure Email Delivery over TLS at LuxSci?
LuxSci inbound email servers support TLS for encrypted inbound email delivery from any sending email provider that also supports that.
For selected organizations, e.g. Proofpoint, LuxSci also locks down its servers so that it only accepts email from them if its is delivered over TLS.
Outbound Opportunistic TLS.
LuxSci outbound email servers will always use TLS with any server that claims to support it and with whom we can talk TLS v1.0+ using a strong cipher. If the TLS connection to such a server server fails (due to misconfiguration or no security protocols in common), the message will not be sent.
Outbound opportunistic TLS encryption is automatic for all LuxSci customers, even those without SecureLine.
Support strong encryption, up to AES 256 and better
LuxSci servers will use the strongest encryption supported by the recipient’s email server that is also considered strong. LuxSci servers will never employ an encryption cipher that uses less than 128 bits (they will failed to deliver rather than deliver via an excessively weak encryption cipher) and they will never use SSL v2 or SSL v3.
LuxSci servers use “Forced TLS” with recipient servers that support TLS if email is being sent to those servers from any SecureLine account using TLS-Only delivery services (outbound email or forwarding). This ensures that messages will never be delivered to such servers, even in the case that they stop supporting TLS suddenly.
Forced TLS is also in place for all LuxSci customers sending to banks and organizations that have requested that we globally enforce TLS to their servers.
Does LuxSci have any other Special TLS Features?
When using SecureLine for outbound email encryption:
- SMTP MTA STS: LuxSci’s own domains support SMTP MTA STS, and LuxSci’s SecureLine encryption system leverages STS information about recipient domains to improve connection security.
- Try TLS: Account administrators can choose to have secure messages “try TLS first” and deliver that way. If TLS is not available, the messages would fall back and use more secure options like PGP, S/MIME, or Escrow. Email security is easy, seamless, and automatic when communicating internally or with others who support TLS.
- TLS Exclusive: This is a special LuxSci-exclusive TLS sending feature. TLS Exclusive is just like Forced TLS, except that messages that can’t go TLS are just dropped. This is ideal for low-importance emails that must still be compliant. E.g., email marketing email in healthcare. In such cases, the ease of use of TLS is more important than the actual receipt of the message.
- TLS Only Forwarding: Account administrators can restrict any server-side email forwarding settings in their accounts from allowing forwarding to any email addresses which do not support TLS for email delivery.
- Encryption Escalation: Often, TLS is suitable for most messages, but some messages need to be encrypted using something better (e.g., forcing recipients to pick up the message in a secure portal). LuxSci allows users to escalate the encryption from TLS to Escrow with a click (in WebMail) or by entering particular text in the subject line (for messages sent from email programs like Outlook).
- When TLS delivery is enabled for SecureLine accounts, messages will never be insecurely sent to domains that purport to be TLS-enabled. I.e., TLS delivery is enforced and no longer “opportunistic.” The system monitors these domains and updates their TLS-compliance status daily.
- Double Encryption: Messages sent using SecureLine and PGP or S/MIME will still use Opportunistic TLS whenever possible for message delivery. In these cases, messages are often “double encrypted.” Encrypted first with PGP or S/MIME, that secure message may be encrypted again during transport using TLS.
- No Weak TLS: Unlike many organizations, LuxSci’s TLS support for SMTP and other servers only supports those protocol levels (e.g., TLS v1.0+) and ciphers recommended by NIST for government communications and which are required for HIPAA. So, all communications with LuxSci servers will be over a compliant implementation of TLS.
For customers whose security or compliance needs allow TLS to be an acceptable form of email encryption, it enables seamless security and “use of email as usual” security. SecureLine with Forced TLS enables clients to take advantage of this level of security whenever possible while automatically falling back to other methods when TLS is unavailable.
Of course, the use of Forced TLS as the sole method of encryption is optional; if your compliance needs are more substantial, you can disable TLS-Only delivery or restrict it so that it is used only with specific recipients.