Wednesday, September 14, 2011

Transport Layer Security (TLS)

What is TLS?
TLS, an acronym for Transport Layer Security, is an IETF protocol for encrypting and authenticating network connections. Applied to e-mail, it encrypts the transmission of messages from one mail server to another: SMTP over TLS, negotiated with the STARTTLS extension defined in RFC 3207.

Sending unencrypted messages increases the risk that they can be intercepted or altered in transit.

TLS is designed to protect confidentiality and data integrity by encrypting the e-mail traffic between servers, which reduces this risk. It is a widely recognized standard issued by the Internet Engineering Task Force (IETF) for securing transmitted data (TLS 1.2 is specified in RFC 5246) and is supported on most commercial mail servers.

How does TLS work?
When TLS is enabled on both the sending and the receiving mail server, everything exchanged on that connection (commands, addresses, headers and message body) is encrypted, so anyone on the network path sees only ciphertext. Note that this protects the hop between the two servers: the message is stored and processed in the clear at each end, and any further hop is protected only if it negotiates TLS as well.
Mail servers use Simple Mail Transfer Protocol (SMTP) to send and receive messages. When sending over TLS, the exchange works as follows:
* Each company's e-mail gateway is configured to offer, and to use, TLS (the STARTTLS extension) for SMTP traffic.
* When the sending server (acting as the SMTP client) connects to the receiving server, it sends EHLO and checks whether the reply advertises STARTTLS.
* If the receiver offers STARTTLS, the sender issues the STARTTLS command and, on a 220 reply, begins a TLS handshake, during which the server presents its certificate.
* If the sender trusts the certificate, a session key is negotiated, the encrypted session starts, the client repeats EHLO inside the tunnel, and the SMTP message is transmitted. Under the opportunistic configuration that is the usual default, the certificate is typically not verified at all; only a per-partner enforced policy checks it. If TLS is not offered, the sender either falls back to plaintext or, where TLS is enforced for that partner, holds the message in its queue.
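To make the sequence above concrete, here is an added example (not code from the original post) of the decision the sending server makes at each step. The receiving gateway is a constructed stand-in with scripted replies, the host names are invented, and the TLS handshake itself is stubbed out; the policy names "none", "may" and "encrypt" follow the convention used by Postfix's smtp_tls_security_level setting. It also covers the case mentioned later on this page, where TLS is enforced for a named partner and the sender therefore must not fall back to plaintext.

```python
import re

# Policy names follow the common MTA convention (e.g. Postfix's
# smtp_tls_security_level): "none" never uses TLS, "may" is opportunistic,
# "encrypt" requires TLS and holds the message if it cannot be negotiated.
POLICIES = ("none", "may", "encrypt")


class FakeReceiver:
    """Constructed stand-in for the receiving gateway; scripted replies only.

    offers_starttls models whether the partner has TLS enabled at all.
    stripped models an active attacker on the path who removes the STARTTLS
    keyword from the EHLO reply (a STARTTLS downgrade attack).
    """

    def __init__(self, offers_starttls=True, stripped=False):
        self.offers_starttls = offers_starttls
        self.stripped = stripped
        self.tls_active = False

    def ehlo(self):
        lines = ["250-mx.partner.example", "250-SIZE 52428800"]
        # RFC 3207: STARTTLS is not advertised once TLS is already running.
        if self.offers_starttls and not self.stripped and not self.tls_active:
            lines.append("250-STARTTLS")
        lines.append("250 8BITMIME")
        return "\r\n".join(lines) + "\r\n"

    def starttls(self):
        if not self.offers_starttls:
            return "502 5.5.1 Error: command not implemented\r\n"
        self.tls_active = True  # the handshake itself is out of scope here
        return "220 2.0.0 Ready to start TLS\r\n"


def parse_ehlo(reply):
    """Return the extension keywords from a multi-line 250 reply (RFC 5321)."""
    lines = reply.rstrip("\r\n").split("\r\n")
    if not lines[-1].startswith("250 "):
        raise ValueError("EHLO failed or reply truncated: %r" % reply)
    keywords = set()
    for line in lines[1:]:  # the first line is the greeting, not an extension
        m = re.match(r"250[- ](\S+)", line)
        if m:
            keywords.add(m.group(1).upper())
    return keywords


def negotiate(receiver, policy):
    """Client side of the exchange, up to the point where mail would be sent.

    Returns (outcome, transcript); outcome is 'tls', 'plaintext' or 'held'.
    """
    if policy not in POLICIES:
        raise ValueError("unknown policy %r" % policy)
    transcript = []
    reply = receiver.ehlo()
    transcript.append(("EHLO mx.sender.example", reply))
    offered = "STARTTLS" in parse_ehlo(reply)

    if policy == "none" or (policy == "may" and not offered):
        # Opportunistic policy falls back to cleartext. This is the path a
        # downgrade attack forces, and the reason "may" is not enforcement.
        return "plaintext", transcript
    if not offered:
        # policy == "encrypt": never send in the clear; keep the message queued.
        return "held", transcript

    reply = receiver.starttls()
    transcript.append(("STARTTLS", reply))
    if not reply.startswith("220"):
        return ("held" if policy == "encrypt" else "plaintext"), transcript
    # A real client performs the TLS handshake here and, for an enforced
    # policy, verifies the server certificate before continuing.
    # RFC 3207: pre-TLS EHLO results are discarded and EHLO is sent again.
    reply = receiver.ehlo()
    transcript.append(("EHLO mx.sender.example (inside TLS)", reply))
    return "tls", transcript


if __name__ == "__main__":
    for kwargs, policy in [({}, "may"), ({"stripped": True}, "may"),
                           ({"stripped": True}, "encrypt")]:
        outcome, transcript = negotiate(FakeReceiver(**kwargs), policy)
        print(policy, kwargs, "->", outcome)
        for cmd, rep in transcript:
            print("  C:", cmd)
            for line in rep.rstrip("\r\n").split("\r\n"):
                print("  S:", line)
```

Compare the two stripped runs: under the opportunistic policy the missing STARTTLS offer silently yields a plaintext delivery, while the enforced policy holds the message. That difference, together with certificate verification inside the handshake, is what turns TLS from a best-effort feature into a guarantee for a given partner.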

Why is TLS so important?
Sending unencrypted messages increases the risk that they can be intercepted or altered by anyone on the network path between the two mail servers.

Once enabled, TLS encrypts e-mail traffic between servers automatically, without any action by the people sending or reading the mail, thereby reducing the risk of eavesdropping, interception and alteration in transit.

What are the benefits of using TLS?
* Protection. E-mail servers can be configured to enforce TLS for mail exchanged with named partners, so confidential information can be exchanged with reduced risk of eavesdropping or interception. Without enforcement, TLS is opportunistic: if the other side does not offer it, or an attacker on the path strips the STARTTLS offer, the message still goes in the clear.
* Every e-mail sent and received is encrypted. When TLS is enforced, no individual review or decision is required to determine whether or not to encrypt an e-mail based on its content.
* E-mail encryption is transparent to both sender and receiver. Both parties send and read e-mail the same way as they do today.
* TLS is globally accepted and available on most e-mail servers.
* Industry standard. There is a growing trend among financial institutions to use TLS; many have already implemented it or plan to convert by year-end.
* E-mail can still be inspected for viruses. With SMTP over TLS, encryption terminates at the partners' e-mail gateways. Once a message has passed the gateway into the company's network, it can be treated like regular SMTP traffic: inspected, scanned and analyzed for malicious content to comply with corporate security policies. This is in sharp contrast to PGP- or S/MIME-style encryption, where messages are decrypted only by the recipient. The same property is the limitation of TLS: it protects the message in transit between gateways, not at rest on either side, and not from the operator of the receiving system.
* Reduced cost. When company-to-company encryption over TLS is in place, tactical person-to-person systems for encrypting messages are no longer needed, and companies need only purchase TLS certificates for their gateways rather than S/MIME certificates for every user. Apart from the certificate, there is typically no out-of-pocket cost to implement TLS, since no additional software must be bought, although some effort is needed to set up and test it on the server. A quick test is to connect to the gateway with openssl s_client -starttls smtp -connect mailhost:25 (substituting the gateway's host name) and confirm that the handshake completes and that the certificate chain presented is the one expected.
