What exactly is TLS when it comes to email encryption?
TLS, or cybersecurity protocol Transport Layer Security first developed by the Internet Engineering Task Force (IETF), was designed to establish secure communications that provide both privacy and data security. Originally created from another encryption protocol called Secure Sockets Layer, or SSL, you may hear others use SSL and TLS interchangeably to describe secure communications transmitted over the Internet.
Ports 587, 2525, and 465 are commonly used to establish secure connections, but which you use varies based on whether you’re using IMAP or POP3 to access emails from your server. Your system administrator can also set specific ports for encryption on mail servers and other applications.
What is STARTTLS?
STARTTLS is a protocol command used to prompt an email server that the client wishes to upgrade the connection from an insecure connection to a secure one. STARTTLS can take an insecure connection and make it secure via TLS protocol. Having this option enabled on your mail server allows a secure connection to be established before any emails are sent.
What protection do you get with TLS email encryption?
TLS plays a role in protecting email communications by establishing a secure and encrypted connection between two points. Similar to DKIM, TLS utilizes asymmetric encryption to keep email communications private and untampered with while in transit. In other words, using encryption for emails ensures that the contents of the message cannot be read or modified while being sent and provides a mechanism for authentication between the sender and recipient.
Emails that use SMTP risk having their messages compromised by man-in-the-middle attacks or wiretaps if they are operating without encryption. These attacks can silently copy your emails and read their contents or even change the contents of the message while it's in transit. This not only compromises the integrity of the email, but can provide valuable information to attackers who are capable of launching even more sophisticated attacks against your domain, such as spear phishing or whaling campaigns.
Secure connections are established using a series of steps known as a "TLS handshake".
This handshake requires two parties in order to create a secure connection. When an email is sent using TLS, the handshake process gets into motion as follows:
- During the first phase, the client and server will specify which version of TLS they will use for the session.
- Then the client and server will pick which cipher suit they will use.
- The identity of the server will then be authenticated using the server’s TLS email certificate.
- Finally, session keys will be generated and used to encrypt the email messages once the handshake is completed.
How to check if an email is using TLS
According to Google, around 90% of emails both sent and received are encrypted. But how can you check for yourself? Server administrators should be able to verify their email server is using some form of encryption by checking their certificate store and validating that their certificate is both installed correctly and up to date.
If you’re simply checking an email, you can verify if the message was sent using encryption by checking the headers of the message. In Gmail, this can be done by opening the email in question and clicking on the small arrow next to your name underneath the sender's address.
This can be done in Outlook as well by opening the email you wish to check, and then navigating to File > Properties. This will open up the email header information which will contain any TLS information if available.
Is TLS the only email protection I need?
TLS plays a vital role in email security, but it can’t protect against all email-based threats. Emails using encryption are protected against:
- Man-in-the-middle attacks
- Messages read or eavesdropped on by attackers while in transit
- Messages being forwarded to attackers
However, TLS cannot protect emails from:
- Phishing attempts using lookalike domains
- Malicious attachments that contain viruses
- Links inside of emails that redirect to phishing sites
- Emails that use social engineering to trick recipients into sharing sensitive information
- Servers sending spoof emails from domains that they do not control or defend
The Agari Advantage
Agari's Email Security solutions utilize TLS email and DMARC protocols to ensure that emails are encrypted, as well as protected against phishing attacks from domain spoofing. Phishing attacks that use lookalike domains trick unsuspecting recipients into clicking links or sending sensitive information by pretending to be a trusted sender. These attacks can occur directly over a secure connection since they don’t have to abuse a lack of encryption to succeed.
By combining TLS email encryption, organizations can deploy a security strategy that stops email-based attacks at all levels.