Building Trust 2 October 2017

Transport Layer Security (TLS) for Email

Email is effectively a plaintext communication sent from email clients to receiving email servers or from one server to another. This design limitation leaves the content of a message in transit open to eavesdropping by anyone along the path, from a wireless hotspot at the airport or coffee shop to your ISP and the internet backbone providers that carry your messages throughout the world.

Transport Layer Security (TLS) helps solve this issue by encrypting your message while it is “in transit” from one secure email server to another. That is, TLS helps prevent eavesdropping on email as it is carried between email servers that have enabled TLS protections for email. Just as TLS can be used to secure web communications (HTTPS), it can secure email transport. In both applications, TLS has similar strengths and weaknesses. To maximize content security and privacy, TLS is required between all the servers that handle the message, including hops between internal and external servers.

TLS is the standard for secure email. 

Key features of TLS include:

  • Encrypted messages: TLS uses Public Key Infrastructure (PKI) to encrypt messages from mail server to mail server. This encryption makes it more difficult for hackers to intercept and read messages.
  • Authentication: TLS supports the use of digital certificates to authenticate the receiving servers. Authentication of sending servers is optional. This process verifies that the receivers (or senders) are who they say they are, which helps to prevent spoofing.

Opportunistic TLS is accomplished when both the sending and receiving parties support it and use it to negotiate a secured SSL/TLS session and encrypt the message. Leading consumer ISPs and mailbox providers including Comcast, Google, Microsoft and Yahoo now support TLS. The Online Trust Audit & Honor Roll includes tracking adoption of TLS.

OTA recommends organizations adopt TLS and periodically test their servers to help ensure their configuration is secure and optimized.
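One way to test the requirement above that every hop use TLS is to read the `Received` trace headers of a delivered message. The following is an added example, not OTA code: it assumes each server records the transfer protocol in the `with` clause using the registered keywords (`ESMTPS`, `ESMTPSA` and related), and the sample message and host names are constructed.

```python
import re
from email import message_from_string

# "with" keywords that mean the hop ran over TLS
# (RFC 3848, plus the UTF8 variants from RFC 6531).
TLS_PROTOCOLS = {"ESMTPS", "ESMTPSA", "LMTPS", "LMTPSA",
                 "UTF8SMTPS", "UTF8SMTPSA", "UTF8LMTPS", "UTF8LMTPSA"}

# Constructed sample: newest hop first, as it appears in a delivered message.
SAMPLE = """\
Received: from mx-out.example.com (mx-out.example.com [192.0.2.10])
    (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
    by mx.example.net (Postfix) with ESMTPS id 9DEF456
    for <bob@example.net>; Mon, 2 Oct 2017 10:00:03 +0000 (UTC)
Received: from mail.internal.example (mail.internal.example [10.0.0.5])
    by mx-out.example.com (Postfix) with ESMTP id 4ABC123
    for <bob@example.net>; Mon, 2 Oct 2017 10:00:02 +0000 (UTC)
Received: from laptop.internal.example ([10.0.0.77])
    by mail.internal.example with ESMTPSA id 1XYZ789; Mon, 2 Oct 2017 10:00:01 +0000

constructed body
"""

def _strip_comments(value):
    """Drop (possibly nested) parenthesised comments such as
    "(using TLSv1.2 with cipher ...)", which would confuse the 'with' match."""
    prev = None
    while prev != value:
        prev, value = value, re.sub(r"\([^()]*\)", " ", value)
    return value

def _clause(keyword, text):
    m = re.search(r"(?:^|\s)%s\s+(\S+)" % keyword, text, re.IGNORECASE)
    return m.group(1) if m else None

def audit_hops(raw_message):
    """Return the hops oldest-first as dicts: src, dst, proto, tls (bool)."""
    hops = []
    received = message_from_string(raw_message).get_all("Received") or []
    for value in reversed(received):
        trace = _strip_comments(value).split(";", 1)[0]  # cut the timestamp
        proto = _clause("with", trace)
        hops.append({"src": _clause("from", trace), "dst": _clause("by", trace),
                     "proto": proto, "tls": (proto or "").upper() in TLS_PROTOCOLS})
    return hops

def cleartext_hops(raw_message):
    return [h for h in audit_hops(raw_message) if not h["tls"]]

if __name__ == "__main__":
    for hop in audit_hops(SAMPLE):
        print("TLS  " if hop["tls"] else "CLEAR", hop["src"], "->", hop["dst"], hop["proto"])
```

Only `Received` lines added by servers you control or trust are reliable, since earlier ones can be forged by the sender. The keyword shows that TLS was negotiated on the hop, not that the peer's certificate was verified.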
