Transport Layer Security (TLS) is encryption to secure email messages between sender and receiver to prevent outsiders from eavesdropping on your emails.
Read what Transport Layer Security (TLS) is, how it works, why you need it and how to check if your emails are properly encrypted.
TLS is a popular internet security protocol designed to establish secure communications on the internet providing both privacy and data security. TLS was first developed by the Internet Engineering Task Force (IETF) with the first version being published in 1999.
TLS was created from another encryption protocol called Secure Sockets Layer, or SSL. Since both protocols are so closely related, you may hear others use SSL and TLS interchangeably to describe secure communications over the internet.
Ports 587, 2525, and 465 are commonly used to establish secure connections. These ports may vary depending on whether you’re using IMAP or POP3 to access emails from your server. Your system administrator can also set specific ports for encryption on mail servers and other applications.
STARTTLS is a protocol command used to prompt an email server that the client wishes to upgrade the connection from an insecure connection to a secure one. STARTTLS can take an insecure connection and make it secure via TLS protocol. Having this option enabled on your mail server allows a secure connection to be established before any emails are sent.
TLS plays a role in protecting email communications by establishing a secure and encrypted connection between two points. TLS utilizes asymmetric encryption to keep email communications private, and untampered while in transit. Using encryption for emails ensures that the contents of the message cannot be read or modified while being sent and provides a mechanism for authentication between the sender and recipient.
Emails that use SMTP without encryption risk having their messages compromised by man in the middle attacks or wiretaps. These attacks can silently copy your emails and read their contents or change the contents of the message while in transit.
This not only compromises the integrity of the email but provides valuable information to attackers wishing to launch even more sophisticated attacks against your domain such as spear phishing or whaling campaigns.
Secure connections are established using a series of steps known as a TLS handshake. This handshake requires two parties in order to create a secure connection. When a message is sent using TLS, the handshake process begins.
Today, close to 90% of emails both sent and received are encrypted. But how can you check for yourself?
Server administrators should be able to verify their email server is using some form of encryption by checking their certificate store and validating that their certificate is both installed correctly and up to date.
If you’re simply checking an email, you can verify if the message was sent using encryption by checking the headers of the message. In Gmail this can be done by opening the email in question and clicking on the small arrow next to your name underneath the sender’s address.
This can be done in Microsoft Outlook as well by opening the email you wish to check, and then navigating to File > Properties. This will open up the email header information which will contain any TLS information if available.
TLS plays a vital role in email security, but it can’t protect against all email-based threats. Emails using encryption are protected against:
TLS cannot protect emails against:
Agari Email Protection utilizes TLS and DMARC to ensure that emails are encrypted as well as protected against phishing attacks from domain spoofing.
Phishing attacks that use lookalike domains trick unsuspecting recipients into clicking links or sending sensitive information by pretending to be a trusted sender. These attacks can occur directly over a secure connection since they don’t abuse a lack of encryption to succeed.
By combining TLS encryption with Agari’s Advanced Email Protection, organizations can deploy an email security strategy that stops email-based attacks on all levels. For email protection beyond TLS, see how Agari Phishing Defense works in action, or sign up for a free trial to experience the difference for yourself.