
36) Has your organisation configured its email services to use enforced TLS?

August 30, 2022
IT Operations
TLS
Email Security

Answer yes if your organisation has implemented enforced TLS on all of its email services. If not, please state in the notes whether or not opportunistic TLS is implemented instead.

What is it?

There are a variety of protocols used in the transmission, routing, and reception of email. By default, most are unencrypted, meaning emails travel over the network, including the internet, in clear text and can be read by anyone with visibility of the network segments over which they travel.

TLS stands for Transport Layer Security and provides an additional layer of security by adding encryption. It can be used in conjunction with a number of communication protocols including those used with email.

Why should I have it?

By implementing TLS, you ensure that emails are sent within an encrypted envelope from client to server(s) and then to the recipient client.

However, this is only effective if the encryption is used. Since most email protocols are natively unencrypted, many email servers and clients will accept unencrypted connections. It’s therefore essential to configure email servers (and clients, where possible) to accept only encrypted connections and reject unencrypted ones. Without this, email could still be transmitted to and from your domain without encryption, even though you have the capability, and still be readable to people over the network, putting your information and your clients’ information contained in those emails at risk.

How to implement the control

Quite simply, whatever email protocols and platform(s) you use, implement a policy to enforce the use of TLS in your system configurations, making sure that unencrypted connections are not possible.

This approach should be used for all otherwise unencrypted protocols.
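
One way to check which state a mail server is in (no TLS, opportunistic TLS, or enforced TLS), as an added example that is not part of the original article. It covers inbound SMTP only; the function names, host names and sample transcripts are constructed for illustration, and the 530 reply is the one RFC 3207 defines for a server that requires STARTTLS.

```python
import smtplib

def ehlo_extensions(lines):
    """Extension keywords from raw EHLO reply lines (first line is the greeting)."""
    return {l[4:].split()[0].upper() for l in lines[1:] if l[4:].strip()}

def classify(extensions, mail_code):
    """Classify from what the server says BEFORE any TLS handshake.
    mail_code is the reply code to MAIL FROM sent in clear text."""
    if "STARTTLS" not in extensions:
        return "none"            # server cannot encrypt at all
    if mail_code == 530:
        return "enforced"        # RFC 3207: must issue STARTTLS first
    if 200 <= mail_code < 300:
        return "opportunistic"   # TLS offered, clear text still accepted
    return "unknown"             # rejected for some unrelated reason

def classify_transcript(ehlo_lines, mail_lines):
    """Offline variant: classify a captured clear-text session."""
    return classify(ehlo_extensions(ehlo_lines), int(mail_lines[-1][:3]))

def probe(host, port=25, helo="probe.example.com", timeout=10):
    """Live variant for a server you operate; sends no message."""
    with smtplib.SMTP(host, port, local_hostname=helo, timeout=timeout) as s:
        s.ehlo()
        extensions = {name.upper() for name in s.esmtp_features}
        code, _ = s.mail("postmaster@" + helo)   # deliberately no starttls()
        return classify(extensions, code)

# Constructed sample transcripts (not captured from a real server).
EHLO_TLS = ["250-mail.example.test", "250-SIZE 35882577",
            "250-STARTTLS", "250 8BITMIME"]
EHLO_PLAIN = ["250-mail.example.test", "250 SIZE 35882577"]
MAIL_REFUSED = ["530 5.7.0 Must issue a STARTTLS command first"]
MAIL_OK = ["250 2.1.0 Ok"]

if __name__ == "__main__":
    for ehlo, mail in [(EHLO_TLS, MAIL_REFUSED), (EHLO_TLS, MAIL_OK),
                       (EHLO_PLAIN, MAIL_OK)]:
        print(classify_transcript(ehlo, mail))
```

A result of "opportunistic" is the case the questionnaire asks you to state in the notes; outbound delivery and other mail protocols need their own checks.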

There are numerous consultancies or individual consultants that will be able to assist in crafting a policy and implementing TLS in a way that meets your business and technical requirements. Please message us if you would like a recommendation.

If you would like to contribute to this article or provide feedback, please email knowledge@riskledger.com. Contributors will be recognised on our contributors page.
