What is TLS?
Transport Layer Security (TLS) is a protocol that ensures privacy between communicating applications and their users on the Internet. When a server and client communicate, TLS ensures that no third party may eavesdrop or tamper with any message.
All mail sent to and from Smarsh Hosted Services servers will attempt to make a TLS connection, using Opportunistic TLS. When sending using Opportunistic TLS, if a TLS connection cannot be established, it will fall back to a basic connection and send the message in plain text using SMTP.
When a message is sent using a Forced TLS connection, if the TLS handshake cannot be established or if the target server is not configured to accept only Forced TLS connections, the message will not be delivered.
To work, TLS should be enabled on both - recipient's and sender's side.
By default, Opportunistic TLS is enabled on our servers.
To enable Forced TLS it is necessary to confirm that TLS is enabled on recipients' side.
What is required to enable Forced TLS?
We require a formal request from the owner of the recipients' domain in a PDF file.
Important: Support team will not be able to complete your request without signed formal PDF letter from the recipient side.
The document should contain a list of domains and also indicate that this is the only way to send to them and confirm the TLS connection, be signed by the client approving the request.
The written letter has to be from the domain that is requiring the connection to be established via TLS. A company letterhead with the request is adequate. The letter should be scanned to a PDF format so that it cannot be changed. Recipients must provide the signed document.
A sample format of the letter:
Please enforce TLS connection for our domains.
Reason of Enabling:
Any additional information:
Once you have received a signed PDF document, contact Support.
If Policy-Based Encryption is enabled on the account, refer to the article Setting Up Enforced TLS Via Policy-Based Encryption for additional information.