Our EnsureMail and Exchange infrastructure employs the following security layers to secure your email communications:
- File encryption: Files are encrypted prior to uploading them using 256-bit AES. AES is an industry (and government) standard and is one of the most well studied and most secure encryption algorithms available. This is the case for uploading files in Exchange public folders.
- TLS / SSL Encryption for EnsureMail & Exchange on our outgoing ports: Transport Layer Security (TLS) and its predecessor, Secure Socket Layer (SSL), are cryptographic protocols that provide security for communications over networks. TLS and SSL encrypt the segments of network connections at the application layer to ensure secure end-to-end transit at the transport layer. For our purposes, they create an encrypted tunnel through which we send emails.
EnsureMail & Exchange servers by default will attempt a TLS connection for both in and outbound email. For outgoing mail (any of our servers sending to external MX servers), we will perform TLS if it is advertised by the remote server. When performing outgoing TLS, our servers are permissive with the certificate (in other words, if the site is using a self-signed certificate, as long as it is a working certificate, we should still accept it).
Our outgoing SMTP servers will use TLS in an opportunistic fashion. This means that our servers will attempt to open an SMTP transaction with the recipient server using TLS. If TLS cannot be successfully connected, the communication will default back to an unencrypted transmission of the data, also referred to as PLAINTEXT to be able to deliver to the 1% of old mail servers that do not have TLS setup and installed.
In order to transmit over SSL you will need to be transmitting over an SSL based SMTP port. (secure.emailsrvr.com with SSL enabled for EnsureMail and by default, Exchange connects with encryption.
For received emails, our servers will respond to TLS/SSL requests to send mail to us encrypted.