Toggling Between TLS-Only and More Secure Encryption Methods
There are many ways to send an email securely. These range from the super-easy-to-use but less secure “TLS” method (see About SMTP TLS) to the universal “pick it up on a secure portal method” (that we call Escrow), to the very secure but harder to deal with PGP and S/MIME methods.
Many people like to use just TLS for email transmission security whenever possible, simply because it is so easy for everyone to use — you can encrypt everything, using TLS when possible and Escrow when TLS is not supported by your recipients.
However, if you have compliance needs or deal with sensitive information, there are many situations where you may like to “jack up” the level of encryption from just enforced TLS to TLS if possible plus one of the other methods … one that is more secure and which provides for encryption at rest. (See: Is Email Encryption via Just TLS Good Enough for Compliance with Government Regulations?)
Disabling “Just TLS” on a per-message basis is quite easy with LuxSci.
When sending a message via LuxSci WebMail, you can disable “Just TLS” as a valid encryption scheme by:
- Be sure your are composing an encrypted message — you should see a locked “padlock” icon at the top of the compose screen:
- Click on the Settings Menu icon:
- Select the option “Use Escrow instead of TLS Only”
From that point on, some other form of encryption (Escrow or PGP or S/MIME) will be used for all recipients of this message. PGP and S/MIME would only be chosen if public keys are available for them; Escrow is used otherwise.
You can perform a similar trick when sending a message from any email program or mobile device — no plugins are needed.
Simply add the text “+encrypt+” to the subject line of your email message (it conceptually means “encrypt more”) and send.
- SecureLine will process and begin encrypting your message
- It will detect this content in the subject
- This content will be removed from the subject
- TLS Only encryption will not be used for any of the recipients of this message.
This work in the same way that the selection of stronger encryption works in WebMail — you specify on a per-message basis when this is needed and Escrow, PGP, or S/MIME are then used for all recipients of the message, as appropriate.
Note — if you don’t like the default trigger text “+encrypt+”, you can customize this to be anything that you want either account-wide or on a per-domain basis in your SecureLine configuration pages.