" Forced TLS Archives - LuxSci

Posts Tagged ‘Forced TLS’

Opportunistic TLS for SMTP

Tuesday, December 15th, 2020

If you want to make sure your emails are secure and private, opportunistic TLS for SMTP won’t quite cut it. To explain why, first we have to step back a bit.

Most people don’t put a lot of thought into how their emails are sent and received, so it’s not unusual for them to think it works akin to teleportation or magic–that messages somehow just appear right in their inboxes.

While the rapid delivery speeds may seem to justify such presumptions, there are actually a bunch of steps under the hood. When you send an email, it uses a protocol called the Simple Mail Transfer Protocol (SMTP) to make its way through to your recipient’s server. From there, your recipient uses another protocol such as ActiveSync, POP3, MAPI, or IMAP, or a Web-based interface, to pick it up and read it.

Opportunistic TLS

Unfortunately, these aren’t always secure by default. Under its original design, emails are sent as plaintext. This means that anyone along the email’s journey can see (and even change) their contents. This can include those in charge of the servers, the government, and even hackers that intercept the data.

Thankfully, engineers weren’t completely oblivious to this glaring security hole, and they have introduced a number of mechanisms that can be leveraged to protect email.

Read the rest of this post »

Who does not support SMTP TLS for Secure Inbound Email Delivery?

Thursday, November 7th, 2013

We are frequently asked who supports TLS  to secure inbound email delivery. This is especially important for customers who need to be HIPAA-compliant, as email transport encryption over TLS is sufficient for HIPAA-compliant communications to end-users, so long as the TLS is configured to be sufficiently strong.

While it is possible to tell who supports TLS, it is somewhat technical to do it yourself. So, we have assembled a table with many of the most popular free and public email domains in use across the internet. We indicate which currently (as of July 8, 2022) supports SMTP TLS for inbound email.

The results are surprising. A majority of domains these days do support TLS. With Microsoft’s recent TLS implementation on its email domains (hotmail.com/live.com/outlook.com), this rounds out consistent TLS support (for inbound delivery–outbound may or may not be supported) for all of the most popular free email providers (e.g., aol.com, gmail.com yahoo.com, hotmail.com).

Note: lists below have been updated as of 7/8/22.

Read the rest of this post »