SMTP TLS (Transport Layer Security for email delivery) is a mechanism email servers can use to pass email between themselves in a secure manner. In essence, two servers which both support TLS first establish an encrypted channel of communications and then they pass email through it, ensuring that the messages are secured during transmission between the servers, even if the messages themselves were not already encrypted.

  • Encryption of email during transmission from you to LuxSci
  • Encryption of email during transmission from LuxSci to supporting recipients
  • Message "emerges" from the encrypted channels at the recipient's email server and subsequently appears and behaves like a "normal email message".

SMTP TLS is great when your recipients email servers support it. However, many recipient's servers do not (how to tell, TLS support checker tool) — for these, other modes of SecureLine, such as Escrow, will be automatically used when encryption is required.

Opportunistic TLS and Forced TLS

Opportunistic TLS
Email message is delivered to the recipient server over a TLS-secured channel if the recipient server supports it. If not, the message is delivered over an unsecured channel.

All messages sent by all LuxSci users (including those not using SecureLine encryption) always employ "Opportunistic TLS", unless "Forced TLS" is in use.

Forced TLS
Email message is delivered to the recipient server over a TLS-secured channel if the recipient server supports it. Otherwise, the message is automatically sent via Escrow or PGP or S/MIME to ensure that the message content is never delivered insecurely.

With SecureLine, you can take advantage of the simplicity of TLS encryption when it is possible and know that security will "fall back" to another method when it is not possible or when the recipient's servers no longer support it.

Forced TLS for Banks

When communicating with many companies (such as banks), "Opportunistic TLS" is insufficient. These organization REQUIRE you to never send them email if it is insecure, even if that is because their own servers are broken. "Forced TLS" handles this.

If you communicate with an organization, like Bank of America, that requires enforced TLS (but where you do not otherwise need to use SecureLine encryption services), LuxSci can ensure that all email to that organization goes over TLS or is never sent. SecureLine licenses are not even required for this — only an official request for that from your recipients.

SecureLine SMTP Forced TLS Features

Meets HIPAA Requirements
Use TLS automatically if the recipient's server support's it?
Never send messages insecurely to servers not supporting TLS?
Never send messages insecurely to servers with broken TLS?
Never use TLS with servers providing weak (less than 128bit) encryption?
Encrypt messages from you to LuxSci servers?
Encrypt messages from LuxSci servers to your recipient's servers?
Messages appear in the recipient's INBOX like other normal email messages?
Send from LuxSci WebMail?
Send from any SMTP program or device (e.g. Outlook, Thunderbird, iPhone)?

eBook — HIPAA-compliant Email Basics

Safeguarding your healthcare practice and protecting patient privacy

Book 1 in the LuxSci Internet Security Series.

Created by Erik Kangas, PhD

Get the HIPAA eBook

What People Say About LuxSci