Behavior of TLS connection for Email delivery
Article ID: 221535
Updated On:
Products
Issue/Introduction
Email Security.cloud supports TLS for Email transmission. This article explains how the Email Security.cloud uses TLS connection for inbound/outbound mails.
Resolution
Refer to table below. It shows how TLS connection used on each route.
| Inbound/Outbound | Route | Connection |
| Inbound | External to ESS | Sender can use plain or TLS connection. ESS responds to any connection. |
| Inbound | ESS to Inbound Route | If Inbound Route MTA announces TLS support then ESS uses TLS, otherwise plain connection used. |
| Outbound | Outbound Route to ESS | Sender can use plain or TLS connection. ESS responds to any connection. |
| Outbound | ESS to External | If Recipient MTA announces TLS support then ESS uses TLS, otherwise plain connection used. |
*ESS = Email Security .cloud Service
Overall, ESS tries to use TLS whenever it is possible. When ESS is the recipient, its MTA announces TLS support but TLS usage is up to the sender. ESS accepts both plain and TLS connection. When ESS is the sender and recipient MTA announces TLS support then it uses TLS but plain connection also used for plain text recipient. Note that our server accepts any TLS Certificate including Self-signed Certificate.
Additional Information
With default configuration of Email Security.cloud, it works like the explanation and does not enforce TLS connection. Please refer to Configure TLS encryption enforcement between your domains and Symantec.cloud for enforcing TLS connection.
Feedback
