How Can You Tell if an Email Was Transmitted Using TLS Encryption?
Tuesday, October 29th, 2019
Frequently, we are asked to verify if a sent or received email was encrypted using SMTP TLS during transmission. For example, banks, healthcare organizations under HIPAA, and other security-aware institutions require that emails be secured by TLS encryption.
Email should always be transmitted with this basic level of email encryption to ensure that the email message content cannot be eavesdropped upon. To see if a message was sent securely, looking at the raw headers of the email message in question is easy. However, it requires some knowledge and experience to understand the text. It is actually easier to tell if a recipient’s server supports TLS than to tell if a particular message was securely transmitted.
To analyze a message for transmission security, we will look at an example email message sent from Hotmail to LuxSci. We will see that Hotmail did not use TLS when sending this message. Hotmail is not a good provider to use when security or privacy are required.
Read the rest of this post »
Email and other data are either being “transmitted” or “processed” or are “at rest.” I.e., it is moving from one computer to another, stored/at rest on a computer, or preparing to be transmitted or stored.
