Other delivery methods
TLS Enforcing
Enabling TLS makes e-mail delivery safe and trusted. An enforced TLS connection is set up between specific predefined servers, and the connection is confirmed with certificates. This guarantees that mail is processed only by trusted servers and that there are no other servers on the delivery route where the message could be read.
The message is routed using the next-hop principle (from point A to point B), so it is always routed to a predefined IP address. A message is never routed according to MX records, because if the MX records change the mail could go to a different server than originally intended, and there would be no way of knowing which servers are in between.
Enforced TLS encryption can be defined either per domain or per recipient. If the message for some reason cannot be delivered using TLS, it waits in the server queue for redelivery. If the message cannot be delivered to the recipient with TLS within a predefined time limit, the sender is notified with a bounce message.
- Firewall settings in TLS Enforcing: On the sending Secure Email, port 465 in the firewall must be open to the mail server of the counterparty (incoming traffic) and port 25 in the firewall must be open to the mail server of the counterparty (outgoing traffic). On the receiving end, the server must be able to receive TLS-encrypted mail (port 25 or a separately agreed port). The server sends TLS-encrypted mail to Secure Email, to the cluster address on port 465.
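
A pre-flight check for the routing and TLS rules described above, as an added example that is not part of Secure Email or its configuration: it looks up a per-recipient or per-domain policy, dials the pinned next-hop IP without any MX lookup, and refuses to continue unless verified TLS is established. The policy table, addresses, certificate names and function names are constructed for illustration, and the counterparty is assumed to offer STARTTLS on port 25.

```python
import smtplib
import ssl

# Constructed sample policy (assumption): recipient entries override domain
# entries; each pins the next hop (IP, port) and the certificate name expected.
POLICY = {
    "partner.example": ("192.0.2.10", 25, "mx.partner.example"),
    "ceo@other.example": ("198.51.100.7", 25, "mail.other.example"),
}

def lookup(recipient, policy=POLICY):
    """Return the pinned route for a recipient, or None if TLS is not enforced."""
    rcpt = recipient.strip().lower()
    return policy.get(rcpt) or policy.get(rcpt.rpartition("@")[2])

def strict_context(cafile=None):
    """Client context that requires a valid, name-matching certificate."""
    ctx = ssl.create_default_context(cafile=cafile)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx

def probe(route, ctx=None, timeout=10.0):
    """Dial the pinned IP (no MX lookup) and attempt verified STARTTLS.
    Returns (ok, detail); ok is False whenever TLS cannot be established,
    in which case the message belongs in the queue, never on a clear channel."""
    ip, port, cert_name = route
    try:
        with smtplib.SMTP(ip, port, timeout=timeout) as s:
            s.ehlo()
            if not s.has_extn("starttls"):
                return False, "STARTTLS not offered"
            code, _ = s.docmd("STARTTLS")
            if code != 220:
                return False, f"STARTTLS refused: {code}"
            # Verify against the agreed certificate name, not the dialled IP.
            s.sock = (ctx or strict_context()).wrap_socket(
                s.sock, server_hostname=cert_name)
            s.file = None                      # drop the plaintext reader
            s.ehlo_resp = s.helo_resp = None   # force a fresh EHLO over TLS
            s.ehlo()
            return True, s.sock.version()
    except (ssl.SSLError, smtplib.SMTPException, OSError) as exc:
        return False, f"{type(exc).__name__}: {exc}"
```

A `False` result corresponds to the queue-and-retry path: the message stays queued until TLS succeeds or the time limit triggers the bounce.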