TLS – Transport Layer Security

Secure connection of email servers with TLS and NoSpamProxy

Intelligent TLS management with NoSpamProxy

Secure transmission of emails between two email servers using TLS should be a matter of course today. Nevertheless, servers often do not support this important feature, or support it only partially. For example, although Amazon’s email servers send via TLS-protected connections, they accept incoming email only unencrypted. Implementing TLS widely is nevertheless quite simple. Contrary to popular belief, a self-generated certificate is all you need, as the certificates are not checked in most cases. Because the certificate is not checked, such a connection is encrypted but the remote server is not authenticated. In any case, the server software must support TLS.

NoSpamProxy is an email security gateway that meets the highest security requirements. For individual communication partners, for example, encryption of the connection can be enforced with just a few mouse clicks. For critical connections, you can even store which certificate the other party must present. This essentially corresponds to the purpose of DANE (DNS-based Authentication of Named Entities). DANE is a protocol that is used to protect data traffic. It extends the widely used TLS transport encryption to ensure that the certificates in use cannot be swapped unnoticed, thus increasing security for the encrypted transmission of emails.

The only difference is that the administrator stores the certificate in NoSpamProxy manually. Security-conscious companies can use NoSpamProxy to establish a manual DANE process with their market partners.

Securing the connection to communication partners

The settings in the NoSpamProxy partner entries apply to both inbound and outbound connections for this domain.

A minimum level of security for the connection can also be set with a single click. This prevents NoSpamProxy from using weak or outdated encryption and hashing algorithms, which are grouped into so-called cipher suites. It is even possible to allow only cipher suites with perfect forward secrecy (PFS).

TLS security with a single click

The administrator can secure email reception in the NoSpamProxy reception connectors. There, connection security can be set as optional. This means that NoSpamProxy offers the delivering server the STARTTLS method, and the delivering server then decides whether or not to encrypt.

If TLS is enforced in the receiving connector itself, this applies to every server that wants to deliver an email to NoSpamProxy. If only specific market partners are to be forced to use TLS, the setting is made in the partner settings (see above).
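The per-partner controls described above (forced encryption, a stored certificate the other party must present, and PFS-only cipher suites) can be combined into a single policy decision. The following Python code is an added example, not NoSpamProxy code: the names `PartnerPolicy`, `Session` and `evaluate` are hypothetical, and the pin is assumed to be the SHA-256 hash of the partner's full DER-encoded certificate.

```python
import hashlib
import hmac
from dataclasses import dataclass
from typing import Optional

@dataclass
class PartnerPolicy:                      # hypothetical per-partner entry
    require_tls: bool = False             # force an encrypted connection
    require_pfs: bool = False             # allow only forward-secret cipher suites
    pinned_sha256: Optional[str] = None   # hex SHA-256 of the expected DER certificate

@dataclass
class Session:                            # what was observed on one SMTP connection
    ehlo_lines: list                      # peer's EHLO reply lines
    tls_version: Optional[str] = None     # e.g. "TLSv1.2"; None means plaintext
    cipher: Optional[str] = None          # OpenSSL-style cipher suite name
    peer_cert_der: Optional[bytes] = None

def offers_starttls(ehlo_lines):
    # Extension keywords follow the "250-" / "250 " prefix, case-insensitive.
    return any(l[4:].strip().upper() == "STARTTLS" for l in ehlo_lines if l[:3] == "250")

def has_pfs(tls_version, cipher):
    # TLS 1.3 key exchange is always ephemeral; older versions need (EC)DHE suites.
    if tls_version == "TLSv1.3":
        return True
    return bool(cipher) and cipher.startswith(("ECDHE-", "DHE-"))

def evaluate(policy, s):
    """Return (allowed, reason) for using this session with this partner."""
    if s.tls_version is None:
        if policy.require_tls or policy.require_pfs or policy.pinned_sha256:
            offered = offers_starttls(s.ehlo_lines)
            return False, ("TLS not negotiated" if offered else "STARTTLS not offered")
        return True, "plaintext permitted"
    if policy.require_pfs and not has_pfs(s.tls_version, s.cipher):
        return False, "cipher suite lacks forward secrecy"
    if policy.pinned_sha256:
        if s.peer_cert_der is None:
            return False, "no peer certificate"
        seen = hashlib.sha256(s.peer_cert_der).hexdigest()
        if not hmac.compare_digest(seen, policy.pinned_sha256.lower()):
            return False, "certificate does not match pin"
    return True, "ok"

# Constructed sample data: not a real certificate or server reply.
SAMPLE_CERT = b"constructed-certificate-bytes"
SAMPLE_EHLO = ["250-mx.partner.example", "250-SIZE 10240000", "250 STARTTLS"]
```

A rejected session under a strict policy is a signal worth logging: a partner that suddenly stops offering STARTTLS or presents a different certificate may have changed its configuration, or the connection may be subject to interception.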