R.A. Plecas posted this on June 1, 2015, 15:16
MailRoute’s team built the first cloud-based email filtering company, which we sold to Microsoft in 2005. Then we built MailRoute, an improved version of the original. After nearly 20 years in this industry, we offer email protection based on what we consider to be best practices, including using TLS to encrypt mail.
We are HIPAA and ITAR compliant, and sign BAA’s with our many customers who are in the healthcare industry.
MailRoute supports full "opportunistic" TLS - it's automatic and it requires no configuration on our end.
What is "TLS"?
TLS stands for "Transport Layer Security". It's a way of encrypting data over the internet to provide for secure end-to-end communications. If you really want to get into the details, check out Wikipedia's article on TLS.
What is TLS for email?
TLS provides certificate-based authentication and encryption between any two email servers that are so configured. All communications between the two servers are secure, preventing eavesdropping and tampering.
How does MailRoute support TLS?
MailRoute uses "opportunistic" TLS. This means that we advertise that we support it, and we turn it on whenever an email server we are talking to advertises its availability as well. Here's a simplistic explanation:
When a sending mailserver connects to us, we tell it that we support TLS. Our two servers then exchange encryption keys, and switch to a secure form of communication.
When we connect to an outside mailserver to relay an outbound message, we look for TLS support on that server, and if it's there, we use that.
The end result is that any communication between MailRoute and any other server that supports TLS will be secure. And there's no additional configuration required on the MailRoute end.
Do I need to do something on my email server to support TLS?
Yes, you do. You need to acquire the appropriate certificates, install them on your email server, and configure it to use TLS. How you do this depends on your email server. Here are some links to help you configure it on your end: