Secure Email - TLS
Is My Email Secure?

Email is much like a postcard: unless it is protected, it is open for all to see. In today's high-tech society, millions of people try to hack into email accounts across the world on a daily basis - especially those of corporations. Most people don't realize how susceptible their email accounts are to being hacked. Employees frequently send emails with passwords, personal and private information, and sensitive documents they wouldn't want others outside of their company to read. Yet when an email is sent unprotected, anyone who can see the traffic can read it - especially if you are on an open wireless network.

How Can I Protect My Email?

Most emails are sent as plain text, i.e. just as they are. Protected emails are sent with TLS (Transport Layer Security). TLS is secure and easy to use. If you already use Worthwhile email, then it's a simple setting in your email client. If you don't have Worthwhile email, get signed up right away! Worthwhile TLS is fast, safe, and reliable.

All major email clients support Worthwhile TLS including Outlook, Outlook Express, Thunderbird, Eudora, and Mail.

What is TLS (Technical Details for People who Find that Stuff Interesting)?

TLS allows your emails to be encrypted as they travel across the Internet. It takes your email, scrambles it up, sends it across the Internet, then unscrambles and delivers it. Without TLS, emails travel as plain text and can be intercepted. This often happens in open wireless networks. Say you’re sitting in your favorite coffee shop sending and receiving email: anyone using the same wireless network can read your email with simple hacking software. That’s a scary thought for anyone not using TLS. Bottom line: TLS is a no-brainer for email.

How was TLS Developed?

The following is taken from the Internet Engineering Task Force (IETF):

Transport Layer Security (TLS) is the official internet standard name for the proprietary standard that was known as SSL. When responsibility for SSL development was assumed by the IETF, the protocol was renamed to TLS. TLS 1.0 is essentially one step beyond SSL 3.0. TLS 1.0 was published as RFC 2246. RFC 3207 - "SMTP Service Extension for Secure SMTP over Transport Layer Security" describes TLS as "an extension to the SMTP service that allows an SMTP server and client to use TLS to provide private authenticated communication over the Internet." TLS complies with RFC 3207 and therefore should work with other vendors' implementations of the standard.

What Goes On Behind the Scenes to make TLS Work?

  • SMTP servers may advertise the STARTTLS option in the EHLO response
  • A client that wants to use TLS issues the STARTTLS command
  • The server typically replies: 220 Ready to start TLS.
  • The client and server then execute a TLS handshake as per the TLS protocol standards.
    • Same network connection, no change of port.
    • Unlike HTTPS, client authentication may be required
  • If the handshake result is satisfactory to both sides, the SMTP session starts over under a TLS secured connection
  • If the handshake is unsuccessful, either side may refuse to continue

TLS requires that the server's certificate be trusted. This can be accomplished by one of two methods. Trust is automatic if the server’s certificate is issued by a trusted certificate authority. In this scenario it is not necessary to import a copy of the server’s public certificate. If the chain is not trusted, the server's certificate can be imported and trusted prior to attempting TLS communication.
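The exchange and trust check described above, written from the client side as an added example (not code from this page or from Worthwhile). The host names, the sample EHLO reply, port 587 and the `cafile` parameter are assumptions made for illustration; the client refuses to continue in plain text if STARTTLS is not advertised or the handshake fails.

```python
import smtplib
import ssl
from typing import Optional

# Constructed sample EHLO reply (multi-line 250 response), not from a real server.
SAMPLE_EHLO = (
    "250-mail.example.test Hello client.example.test\r\n"
    "250-SIZE 35882577\r\n"
    "250-STARTTLS\r\n"
    "250 8BITMIME\r\n"
)

def ehlo_extensions(reply: str) -> set:
    """Return the extension keywords listed in a multi-line 250 EHLO reply."""
    lines = [line for line in reply.splitlines() if line.strip()]
    exts = set()
    for i, line in enumerate(lines):
        code, sep, rest = line[:3], line[3:4], line[4:]
        if code != "250" or sep not in ("-", " "):
            raise ValueError(f"unexpected EHLO reply line: {line!r}")
        if i == 0:
            continue  # first line is the server greeting, not an extension
        if rest.strip():
            exts.add(rest.split()[0].upper())
    return exts

def offers_starttls(reply: str) -> bool:
    """True only if the server advertised STARTTLS in its EHLO reply."""
    return "STARTTLS" in ehlo_extensions(reply)

def connect_with_tls(host: str, port: int = 587,
                     cafile: Optional[str] = None) -> smtplib.SMTP:
    """Open an SMTP session and upgrade it; never fall back to plain text."""
    # The default context checks the chain against trusted CAs and the hostname.
    # cafile (assumption) points at an imported server or CA certificate to trust.
    ctx = ssl.create_default_context(cafile=cafile)
    smtp = smtplib.SMTP(host, port, timeout=10)
    try:
        smtp.ehlo()
        if not smtp.has_extn("starttls"):
            raise RuntimeError("STARTTLS not advertised; refusing plain text")
        smtp.starttls(context=ctx)  # raises if handshake or certificate check fails
        smtp.ehlo()                 # the SMTP session starts over inside TLS
        return smtp
    except Exception:
        smtp.close()
        raise
```

`connect_with_tls` needs a reachable mail server; the two parsing functions run offline against the constructed reply.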

For an in-depth explanation of how SMTP over TLS works, please review RFC 3207 - SMTP Service Extension for Secure SMTP over Transport Layer Security.

Secure your email with Worthwhile TLS Email Service. Contact us today for your free quote.